Meegle Connector
Security checks across malware telemetry and agentic risk
Overview
The skill appears to be a real Meegle connector, but it handles persistent OAuth credentials and can change business work items without enough scoped safeguards.
Install only if you trust the Meegle workspace access and the npm package. Prefer browser OAuth so the agent does not handle credential contents directly, protect ~/.mcporter/credentials.json, and require the agent to show exact proposed work-item changes before creating, modifying, or transferring anything.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.