prom-query

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only Prometheus query helper. Its behavior is fully disclosed: it can expose monitoring data, but it exhibits no hidden, destructive, or unrelated behavior.

Install this only for Prometheus environments the agent is allowed to inspect. Prefer a least-privilege, read-only token over admin or broadly shared credentials, and remember that metrics, alert labels, target URLs, and rule definitions may reveal internal service details such as hostnames, ports, and job names.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill declares a shell-backed tool (`command: bash scripts/prom-query.sh`) but does not declare any permissions or execution constraints. Even though the documented behavior is read-only and focused on Prometheus queries, invoking a shell script expands the attack surface because user-controlled arguments and environment variables are passed into executable code that is not visible here, making the actual runtime capabilities broader than the manifest suggests.
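As an added example (this is not the skill's own `scripts/prom-query.sh`, which is not shown on this page), the POSIX shell script below shows what the read-only, least-privilege constraints from the overview look like when they are enforced in the script rather than only documented: an allowlist of read-only `/api/v1` endpoints, input checks on the PromQL expression and on the base URL, a dedicated read token, and `curl --data-urlencode` so the expression is never spliced into a command line or re-parsed by a shell. The names `PROM_URL`, `PROM_READ_TOKEN`, `PROM_DRY_RUN` and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not the skill's own scripts/prom-query.sh: a read-only
# Prometheus query wrapper that validates every input before curl is invoked.
# PROM_URL, PROM_READ_TOKEN, PROM_DRY_RUN and the function names are assumptions.
#
# The pattern the SkillSpector finding warns about looks like this (do NOT use):
#   eval curl "$PROM_URL/api/v1/$1?query=$2"
# Arguments and environment are spliced into a command line the user never
# sees, so a caller can reach admin endpoints or inject curl options.

# Read-only endpoints under /api/v1 that this wrapper may call. Write and admin
# endpoints (write, admin/tsdb/delete_series, admin/tsdb/snapshot,
# admin/tsdb/clean_tombstones) are deliberately absent.
PROM_ALLOWED_ENDPOINTS="query series labels targets rules alerts"

# Return 0 if "$1" is exactly one of the allowed endpoints, 1 otherwise.
prom_endpoint_allowed() {
    for ep in $PROM_ALLOWED_ENDPOINTS; do
        [ "$1" = "$ep" ] && return 0
    done
    return 1
}

# Return 0 if "$1" is an acceptable PromQL expression: non-empty, at most 2048
# bytes, printable ASCII only (no newlines or control characters that could
# smuggle extra form fields or terminal escapes into logs). Widen the class if
# you need non-ASCII label values.
prom_expr_ok() {
    _expr="$1"
    [ -n "$_expr" ] || return 1
    [ "${#_expr}" -le 2048 ] || return 1
    _bad=$(printf '%s' "$_expr" | LC_ALL=C tr -d '[:print:]' | wc -c | tr -d ' ')
    [ "$_bad" -eq 0 ]
}

# Return 0 if "$1" is an http(s) base URL. Rejects other schemes and values
# beginning with "-" that curl would otherwise parse as options.
prom_url_ok() {
    case "$1" in
        http://*|https://*) return 0 ;;
        *) return 1 ;;
    esac
}

# prom_query ENDPOINT [EXPR]
# Runs (or, with PROM_DRY_RUN=1, prints) a GET against a read-only endpoint.
# "query" sends EXPR as the query= field, "series" as match[]=; the other
# endpoints take no expression. The expression travels URL-encoded via
# --data-urlencode, never interpolated into the URL. The token comes only from
# PROM_READ_TOKEN and is never echoed, even in dry-run output.
prom_query() {
    _endpoint="$1"; _expr="${2:-}"
    _base="${PROM_URL:-http://localhost:9090}"

    prom_endpoint_allowed "$_endpoint" || { printf '%s\n' "refused endpoint: $_endpoint" >&2; return 2; }
    prom_url_ok "$_base"               || { printf '%s\n' "refused PROM_URL" >&2; return 2; }
    [ -n "${PROM_READ_TOKEN:-}" ]      || { printf '%s\n' "PROM_READ_TOKEN is not set" >&2; return 2; }

    case "$_endpoint" in
        query)  _param="query" ;;
        series) _param="match[]" ;;
        *)      _param="" ;;
    esac
    if [ -n "$_param" ]; then
        prom_expr_ok "$_expr" || { printf '%s\n' "refused expression" >&2; return 2; }
    else
        [ -z "$_expr" ] || { printf '%s\n' "$_endpoint takes no expression" >&2; return 2; }
    fi

    _url="${_base%/}/api/v1/${_endpoint}"
    if [ "${PROM_DRY_RUN:-0}" = 1 ]; then
        printf 'GET %s\n' "$_url"
        [ -z "$_param" ] || printf '%s=%s\n' "$_param" "$_expr"
        return 0
    fi
    if [ -n "$_param" ]; then
        curl -sS --fail -G -H "Authorization: Bearer ${PROM_READ_TOKEN}" \
            --data-urlencode "${_param}=${_expr}" "$_url"
    else
        curl -sS --fail -H "Authorization: Bearer ${PROM_READ_TOKEN}" "$_url"
    fi
}

# Usage: PROM_READ_TOKEN=... ./prom-query.sh query 'up{job="node"}'
# Set PROM_DRY_RUN=1 to see the request the script would make without sending it.
if [ "$#" -gt 0 ]; then
    prom_query "$@"
fi
```

The allowlist is the control that actually narrows the manifest's undeclared shell capability to "read-only Prometheus queries": a caller who passes `admin/tsdb/delete_series` is refused before curl ever runs, and a base URL that is not `http(s)://` is refused so an environment variable cannot turn into a curl option or a `file://` read.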

VirusTotal

62/62 vendors reported this skill as clean (0 detections).

View on VirusTotal