Security audit

Sun Tzu Perspective

Security checks across malware telemetry and agentic risk

Overview

This is mainly a Sun Tzu strategy-advice skill, with a few unrelated helper scripts that appear inert unless a user runs them manually.

Reasonable to install for a Sun Tzu-style strategic advice persona. Be aware the package includes unrelated helper scripts; only run them manually if you understand the input and output paths, and treat the advice as historical strategy framing rather than professional legal, ethical, or business-critical guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding:
The static finding indicates the skill can read and write files despite declaring no permissions. Undeclared file capabilities break the principle of least privilege and can enable unauthorized access to local data or modification of workspace content if the surrounding platform exposes those actions. In this skill’s context, a purely advisory Sun Tzu persona has no obvious need for filesystem access, which makes the capability more suspicious and increases risk.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
There is a strong description-behavior mismatch: the skill claims to provide strategic thinking guidance, but the analysis says it also performs subtitle processing, research-directory scanning, URL/source counting, file sizing, and SKILL.md quality checks. Hidden or unrelated behaviors are dangerous because they can be used to inspect local content, exfiltrate metadata, or perform actions users did not consent to. Since none of these functions are necessary for a Sun Tzu advisory skill, the mismatch materially raises the likelihood of unauthorized data access.

VirusTotal

64/64 vendors flagged this skill as clean.
