Back to skill

Security audit

17track package tracking

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed parcel-tracking skill that stores tracking data locally and talks to 17TRACK as expected.

Install only if you are comfortable providing a 17TRACK API token and storing parcel history in the workspace. Prefer polling unless you need webhooks; if using webhooks, keep the server bound to localhost or behind a trusted endpoint and be aware that spoofed or invalidly signed payloads may still be stored and applied locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares no explicit permissions, yet its documented behavior clearly requires environment variable access, local file read/write, and outbound network access. This creates a transparency and policy-enforcement gap: an agent or reviewer may treat the skill as lower-privilege than it really is, increasing the chance of unintended secret exposure, filesystem modification, or network use without informed approval. The webhook and SQLite features make the capability set broader than a simple read-only tracking helper.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.