Buffer Calculator

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate buffer calculator, but it requests broader local powers than it discloses and its included calculation code produces dangerously incorrect lab quantities.

Install only with caution. The package does not show credential theft, network exfiltration, or persistence, but it should not be trusted for real lab preparation until the mass calculation is fixed and independently tested. If used at all, restrict file-writing permissions and verify every recipe against a trusted lab reference.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill’s security section claims there is no file system access, but the manifest explicitly enables Write/Edit/Bash and the documentation describes producing output files. This mismatch can mislead operators, reviewers, or policy engines into granting the skill more trust than warranted, increasing the chance of unauthorized file creation or modification in a real workflow.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
A buffer-calculation skill does not inherently require Bash or broad file-modification capabilities, so granting them violates least privilege. If invoked by an agent, these unnecessary permissions expand the attack surface and could be abused to run shell commands or alter local files unrelated to buffer calculations.

VirusTotal

66/66 vendors flagged this skill as clean.
