Low-Visibility Fix

Security checks across malware telemetry and agentic risk

Overview

This skill is an audit tool that reads UI files, runs local analyzers, and writes report documents, with no evidence of hidden edits, exfiltration, or persistence.

Install if you want a local UI audit/report generator. Expect it to read scoped UI files, run bundled Python analyzers, optionally use a bounded visual/browser pass, and create audit output files; treat the "fix" wording as recommendations for another implementer, not automatic source edits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill declares no explicit permissions, yet its instructions invoke local file reads, file writes, shell execution, and potentially networked/browser rendering. That mismatch is a real security issue because it hides the actual capability footprint from reviewers and policy enforcement, making it easier for a seemingly documentation-only skill to access source files, execute scripts, and write artifacts into the target tree or external locations if guardrails fail.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding: The manifest advertises that the skill will 'audit & fix' and the default prompt says 'audit and fix this UI', while the declared skill purpose says it never edits the target and only produces handoff documents. This mismatch can cause an orchestrator or user to invoke the skill in contexts where modification is expected, increasing the risk of unauthorized changes, unsafe chaining to editing agents, or misuse of the skill beyond its intended read-only scope.

Vague Triggers

Medium
Confidence: 84%
Finding: Implicit invocation is enabled even though the activation boundary is not narrowly encoded in the manifest, and the metadata uses broad language about 'fixing' UI. In an agentic system, that ambiguity can cause the skill to be auto-selected for requests outside its intended low-visibility audit scope, leading to overbroad analysis, unintended workflow execution, or accidental participation in edit-oriented task chains.

VirusTotal

64/64 vendors flagged this skill as clean.
