Back to skill

Security audit

tech-dynamics

Security checks across malware telemetry and agentic risk

Overview

This skill is low-risk to your system but needs review because it claims to produce latest tech-news briefings while its script outputs canned, unsupported updates.

Install only if you are comfortable treating its output as a rough template, not verified current news. Before relying on briefings for business or financial decisions, confirm sources yourself; the script appears to fetch public pages but then prints canned updates rather than deriving the briefing from those sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes shell commands (`curl`, `grep`, `head`, and a shell loop) but does not declare any corresponding permissions, creating a capability/permission gap. This weakens policy enforcement and review because users or orchestrators may believe the skill is non-executing or lower risk when it can perform networked shell activity.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.