Back to skill

Security audit

ScopeBlind Passport

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local audit and access-control wrapper for MCP tools, but users should protect its local signing key and activity logs.

Install this if you want a local MCP gateway that records and signs tool-use receipts. Before using it seriously, pin or verify the npm packages, protect keys/gateway.json and receipt files from sync or source control, and use explicit requests before showing passport, digest, or receipt data. For real blocking, enable enforce mode with a narrow policy instead of relying on the default shadow policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The README suggests natural-language trigger phrases like "What did you do today?", "Show my passport", and "Show my receipts" that are broad enough to overlap with ordinary conversation. In an agent skill context, overly generic phrases can cause unintended invocation or disclosure of receipts/activity logs when a user is speaking casually, especially if trigger matching is not tightly scoped.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill defines broad natural-language triggers like 'Show my passport' and 'What did you do today?' that could cause command execution when a user is only asking about capabilities or quoting text. In agent environments, overly loose trigger phrases can lead to unintended local command execution and disclosure of activity, receipts, or identity information without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The setup flow generates and stores sensitive local artifacts including an Ed25519 keypair and receipt logs, but the skill does not prominently warn users about their location, sensitivity, retention, or file-permission expectations. That increases the risk of accidental exposure, backup leakage, or insecure handling of signing keys that underpin the trust model.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.