Byted Bytehouse Multimodal Search

Security checks across malware telemetry and agentic risk

Overview

The skill appears to deliver ByteHouse multimodal search as advertised, but it warrants review: it can create and write database content, and by default it may route SQL through an MCP client that its documentation does not declare.

Install only after reviewing the database authority you are granting. Use a dedicated least-privilege ByteHouse account, disable or explicitly configure MCP use unless you intend it, pin dependencies in sensitive environments, and avoid indexing sensitive text, media URLs, or metadata unless you are comfortable storing them persistently in ByteHouse and sending inputs to the Ark embedding API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89%
Finding
The skill documentation instructs users to supply sensitive configuration through environment variables and references capabilities such as environment-backed secrets and access to external services, but it declares no permissions. This creates a transparency and governance gap: an agent or reviewer may not realise that the skill can read credentials and reach remote systems, which raises the risk of unintended secret exposure or unauthorized outbound actions.
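The finding above is a declaration gap: secrets arrive through environment variables and the skill talks to external services, yet neither is declared, so a reviewer has to discover both by reading the documentation. The check below is an added example, not SkillSpector's scanner nor the skill's own code. It scans a skill document for environment-variable references (`os.environ[...]`, `os.getenv(...)`, `process.env.X`, `$X`/`${X}`) and outbound URL hosts, and diffs them against a declaration block. The frontmatter format (`declared_env:` and `declared_hosts:` lines) is hypothetical, and the sample document, variable names and hostnames are constructed placeholders, not the skill's real endpoints.

```python
"""Static check: env-var and network references a skill document uses but
does not declare. Added example; the frontmatter format is hypothetical."""
import re
from dataclasses import dataclass

# Reference patterns a skill doc or its embedded snippets commonly contain.
ENV_PATTERNS = [
    re.compile(r'os\.environ(?:\.get)?\s*[\[\(]\s*["\']([A-Z_][A-Z0-9_]*)["\']'),
    re.compile(r'os\.getenv\s*\(\s*["\']([A-Z_][A-Z0-9_]*)["\']'),
    re.compile(r'process\.env\.([A-Z_][A-Z0-9_]*)'),
    re.compile(r'\$\{?([A-Z_][A-Z0-9_]*)\}?'),          # shell-style $X / ${X}
]
URL_PATTERN = re.compile(r'https?://([A-Za-z0-9.-]+)')   # captures the host only
SECRET_HINT = re.compile(r'KEY|TOKEN|SECRET|PASSWORD', re.I)


@dataclass
class SkillReport:
    declared_env: set
    declared_hosts: set
    referenced_env: set
    referenced_hosts: set

    def undeclared_env(self):
        return sorted(self.referenced_env - self.declared_env)

    def undeclared_hosts(self):
        return sorted(self.referenced_hosts - self.declared_hosts)

    def severity(self):
        # Undeclared secret-looking variables or undeclared hosts are the
        # combination the finding describes; plain config drift rates lower.
        if any(SECRET_HINT.search(v) for v in self.undeclared_env()) or self.undeclared_hosts():
            return "medium"
        return "low" if self.undeclared_env() else "none"


def split_frontmatter(doc):
    """Split a '---' delimited frontmatter block (hypothetical format) from the body.
    Each 'key: a, b' line becomes key -> [a, b]. Unterminated blocks are treated
    as body so references inside them are still scanned."""
    lines = doc.splitlines()
    if not lines or lines[0].strip() != "---":
        return {}, doc
    meta = {}
    for i, line in enumerate(lines[1:], start=1):
        if line.strip() == "---":
            return meta, "\n".join(lines[i + 1:])
        key, sep, value = line.partition(":")
        if sep:
            meta[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return {}, doc


def audit_skill(doc):
    """Collect every env var and host the body references and compare them
    with what the frontmatter declares."""
    meta, body = split_frontmatter(doc)
    referenced_env = set()
    for pattern in ENV_PATTERNS:
        referenced_env.update(pattern.findall(body))
    return SkillReport(
        declared_env=set(meta.get("declared_env", [])),
        declared_hosts=set(meta.get("declared_hosts", [])),
        referenced_env=referenced_env,
        referenced_hosts=set(URL_PATTERN.findall(body)),
    )


# Constructed sample: declares one key and one host, but the body also reads a
# database key, an MCP endpoint and an MCP token, and connects to a second host.
SKILL_DOC = """---
name: example-search-skill
declared_env: ARK_API_KEY
declared_hosts: embedding.example.com
---
Export ARK_API_KEY before running the indexer.

    client = connect(host="https://db.example.com",
                     api_key=os.environ["BYTEHOUSE_API_KEY"])
    headers = {"Authorization": os.getenv("ARK_API_KEY")}
    resp = post("https://embedding.example.com/v1/embed", headers=headers)
    if mcp_enabled:
        route_sql(process.env.MCP_SERVER_URL)
    run("export MCP_TOKEN=${MCP_TOKEN}")
"""

if __name__ == "__main__":
    report = audit_skill(SKILL_DOC)
    print("severity:", report.severity())
    for name in report.undeclared_env():
        print("undeclared env var:", name)
    for host in report.undeclared_hosts():
        print("undeclared host:", host)
```

The regexes are deliberately permissive: a skill document mixes prose, shell fragments and code, and a reviewer would rather triage a false positive than miss a credential read. Anything the check lists is a capability the skill should declare or the documentation should explain.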

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal