Back to skill

Security audit

Context7 MCP

Security checks across malware telemetry and agentic risk

Overview

Context7 is a straightforward documentation-search CLI with expected API-key and external-query privacy considerations.

Install only if you are comfortable sending documentation search terms and questions to Context7. Use a dedicated Context7 API key, keep any .env file out of source control and logs, rotate the key if exposed, and avoid putting credentials, proprietary code, private URLs, or customer data into queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill appears to have operational capabilities involving environment access and network use, but no declared permissions are present in the skill file. This creates a transparency and policy-enforcement gap: users and reviewers cannot accurately assess what the skill can access, and permission controls may be bypassed or misapplied.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
query.ts:23