Back to skill

Security audit

Research Assistant Deep

Security checks across malware telemetry and agentic risk

Overview

This is a coherent research workflow skill that uses disclosed web search and fetch tools, with no evidence of hidden access, persistence, credential handling, or destructive behavior.

Reasonable to install for normal research tasks. Treat fetched web pages as untrusted source material, verify important conclusions from the cited sources, and do not include sensitive private data in search queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Tp4

High
Category
MCP Tool Poisoning
Confidence
99% confidence
Finding
This is a mismatch because the declared purpose describes a broad research assistant capable of multi-step investigation, synthesis, comparison across sources, and structured reporting, while the actual code only classifies URLs into credibility tiers using simple domain-based rules. It does not perform web research, retrieve sources, compare findings, synthesize information, or track citations. The code's primary purpose is materially narrower and different from the declared description.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.