Security audit

narrative-topology

Security checks across malware telemetry and agentic risk

Overview

This is a local Python helper for extracting marked relationship triples into an adjacency matrix, with the main caution that it recursively reads matching files under the directory where it is run.

Install only if you are comfortable running a local scanner. Run it from a dedicated folder containing the documents you want analyzed, not from a home directory or broad repository root, because it recursively reads matching files and prints any extracted graph structure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill embeds Python code that recursively reads files from the current working directory, but the skill metadata does not declare permissions or warn users about that file access. In an agent environment, undeclared file-reading behavior can expose unrelated local documents, source files, or sensitive workspace contents beyond what the user intended to analyze.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 96%
Finding
The skill claims to extract semantic relationships from narratives, but the implementation actually walks the filesystem, parses only specially marked inline syntax, and ignores predicates entirely. This mismatch is security-relevant because users may trust the description and run it on a workspace without realizing it will recursively inspect many local files, increasing the chance of unintended data exposure and misuse.

Description-Behavior Mismatch

Severity: Low
Confidence: 84%
Finding
The scanner recursively walks the entire current working directory and reads matching files, which is broader than the skill description suggests. In an agent environment, this can unintentionally ingest unrelated repository content, including sensitive local documents, and expose their derived structure in output without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The markdown instructs users to run a scanner that recursively reads files in the current directory, but it does not prominently warn that this can sweep in many documents and source files. In practice, that broad default can cause unintended collection and processing of sensitive local content, especially when used in shared repos or home directories.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.