Back to skill

Security audit

Skill Vetting Tianjin

Security checks across malware telemetry and agentic risk

Overview

This is a coherent skill-review helper with a local regex scanner; the risky-looking strings are disclosed examples and detection patterns, not hidden behavior.

Install only if you want a conservative local triage tool for reviewing skills. Run it on archives unpacked in a disposable directory, verify the slug/version because embedded metadata is inconsistent, and treat regex findings as leads for manual review rather than final proof.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill performs network access, shell execution, and file reads in its documented workflow, but it does not declare any permissions in the frontmatter. This creates a trust and review gap: users and tooling cannot accurately assess the capability surface before use, which can lead to unintended execution of sensitive operations.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution, suspicious.prompt_injection_instructions

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
scripts/scan.py:22

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
references/patterns.md:108