Security audit

W-Spaces Deploy

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward W-Spaces deployment helper, but users should handle its API keys and public deploy actions carefully.

Install only if you trust W-Spaces and intend to let the agent deploy public static sites there. Use a dedicated API key, avoid pasting real credentials into chat or committing them to files, verify WSPACES_API_URL is unset or trusted, review site contents before deployment, and confirm any API key creation or revocation action before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill invokes shell scripts but does not declare corresponding permissions, which weakens transparency and safety controls for users and policy engines. Hidden or undeclared shell capability increases the chance that an agent executes local commands or handles sensitive data in ways the user did not explicitly authorize.

Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The stated purpose is deployment, but the documented behavior also includes account registration, password-based login, profile access, and API key lifecycle management. This expands the trust boundary significantly beyond deployment and could lead an agent to collect credentials, create persistent access tokens, or modify account security state without the user clearly understanding that scope.

Missing User Warnings
Severity: Medium
Confidence: 84%
Finding: The README instructs users to register, log in, export a live API key into the shell, and deploy content to a public URL, but it provides no warning about protecting the credential, avoiding shell-history leakage, or confirming that deployment makes content publicly accessible. In an agent skill context, this omission increases the chance of accidental secret exposure or unintended publication of sensitive/internal content because the workflow is presented as a simple default path.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The setup guide instructs users to handle a live API key and persist it in a shell startup file without warning about credential sensitivity, shell history exposure, or risks from leaving long-lived secrets in plaintext environment configuration. In a deployment skill, this increases the chance of accidental credential disclosure through shared machines, dotfile syncing, backups, terminal logs, or later command/debug output.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The skill instructs users to handle email/password credentials and API keys and to deploy content to a live public URL, but it does not include explicit warnings about protecting secrets or the consequence of publishing publicly accessible content. In an agent setting, this can normalize unsafe secret exposure in prompts, logs, shell history, or .env files and can cause accidental publication of sensitive or unreviewed content.

Missing User Warnings
Severity: Medium
Confidence: 84%
Finding: The revoke-key action performs an irreversible remote deletion immediately based on a provided key ID, with no confirmation prompt, dry-run mode, or safeguard against targeting the wrong key. In an agent or scripted context, this raises the chance of accidental credential revocation, causing service disruption or loss of access.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: README.md:28

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: references/wspaces-api.md:8

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: SETUP.md:24

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: SKILL.md:22