Back to skill

Security audit

Glin Profanity MCP

Security checks across malware telemetry and agentic risk

Overview

This profanity moderation skill is not clearly malicious, but it needs review because it can track users and build moderation histories without explaining how that data is stored or controlled.

Install only if you trust the npm package and have a real moderation need for user profiling. Before using the tracking tools, confirm where message history is stored, who can access profiles or high-risk lists, how long records are retained, and how incorrect or stale user data can be deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill advertises tools for tracking user messages, moderation history, and identifying high-risk users without any guidance on consent, retention, access controls, or lawful handling of personal data. In an AI-assistant workflow, this can normalize collection and profiling of user behavior and lead operators to process sensitive moderation data in ways that violate privacy expectations or applicable policies.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.