Lease Review

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Taiwan lease-review helper whose file access is disclosed and fits its report-generation purpose.

Install only if you are comfortable running a local report generator on lease data. Use copies of contracts, avoid placing confidential files in broad shared locations, choose an output path that will not overwrite something important, and treat generated reports as sensitive legal/business documents.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill instructs use of a local script and references reading from and writing to files, but no explicit permission model is declared. This creates a capability gap where file access may occur without clear user awareness or sandbox constraints, increasing the risk of unintended data exposure or overwrite if the skill is executed in an environment that honors those capabilities.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal