Used Market Watch

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its used-market monitoring purpose, but its automation output can generate unsafe shell/cron commands from user-controlled text.

Install only if you are comfortable with marketplace searches being sent to third-party sites and local watch history being saved. Review any generated cron, systemEvent, persist, or recommended command before use, and do not let another agent execute those command strings blindly through a shell.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill documentation describes capabilities to read and write local state (`data/watch-rules.json`) and access the network via Playwright, but it does not declare any permissions. This creates a trust and sandboxing gap: an orchestrator or reviewer may treat the skill as low-privilege while it can persist data and make external requests, increasing the risk of unintended file modification, data exposure, or network misuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal