
Security audit

Embedded Solution

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent hardware-selection assistant, but its reference library mixes official-source rules with unverified or off-catalog BOM guidance that users should review before relying on it.

Install only if you are comfortable with a skill that may fetch datasheets and product pages from the web and use optional Firecrawl credentials. Treat bundled BOM templates as starting points, not production-ready engineering authority; verify every part number, electrical rating, lifecycle status, and safety/compliance claim against current official vendor datasheets before using it in a real design.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (45)

exec() call detected

High
Category
Dangerous Code Execution
Content
# Loop body from the skill's test harness: nt["mutate"] is test-supplied Python
# source text that is executed with exec() against a copy of BASELINE.
state = {"BASELINE": [(p, ic, list(m)) for p, ic, m in BASELINE]}
namespace = {"_state": state}
try:
    exec(nt["mutate"], namespace)
except Exception as e:
    print(f"❌ {nt['name']:50}  EXEC ERROR: {e}")
    neg_failures += 1
Confidence
94% confidence
Finding
exec(nt["mutate"], namespace)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions while its instructions clearly require sensitive capabilities including file reads/writes, network access, shell execution, and environment access. This creates a hidden capability surface: a caller or reviewer may trust the skill as low-risk while it can fetch remote content, modify local repositories, and invoke command-line tools, which increases the chance of data exposure, prompt-influenced command execution, or unintended system changes.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose is advisory chip selection, but the embedded behavior expands into crawling external sites, downloading/parsing PDFs, updating YAML databases, rebuilding indexes, and running tests/maintenance tasks. This mismatch is dangerous because users and policy engines may invoke the skill expecting read-only recommendation behavior, while the skill can perform broader state-changing or execution-heavy actions that enable repository tampering, supply-chain poisoning from fetched content, or misuse of local tooling.

Intent-Code Divergence

High
Confidence
94% confidence
Finding
The skill metadata requires component specs to come from official vendor sources, but this file explicitly bases recommendations on third-party teardowns and multi-vendor observations. In an embedded design assistant, this can cause users to rely on inaccurate, stale, or non-authoritative specifications when selecting safety-, power-, or cost-critical components.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The file presents a seemingly actionable BOM while including an 'off-catalog' PMIC and uncatalogued external components, which undermines traceability and verification. In this skill context, users may mistake these entries for validated recommendations and design around unavailable, obsolete, or mismatched parts, leading to procurement failure or flawed hardware decisions.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
This skill explicitly requires component specifications to come from official vendor sources, yet the motor driver BOM entries are marked 'off-catalog' and provide no official source links. In an embedded-solution skill, unsupported or stale component references can cause users to select unavailable, mis-specified, or inappropriate parts for power electronics designs, leading to redesign cost or hardware reliability/safety issues.

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
The document makes concrete performance claims such as CPU suitability for FOC, motor speed applicability, and ADC sufficiency without consistently showing official vendor-source support in the document itself. In this skill's context, these unsupported engineering claims may mislead downstream recommendations and cause users to choose undersized controllers or invalid control architectures.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill metadata explicitly requires all component specs to be fetched from official vendor sources, but this file bases verification on intermediate product_families summaries and even lists an 'off-catalog here' charger entry instead of a directly validated official product page or datasheet. In a hardware recommendation skill, this can propagate incorrect electrical characteristics, availability, or pricing into downstream design decisions, leading users to select unsuitable PMICs or chargers for production designs.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This is a real integrity and safety issue because the file presents specific BOM candidates and suitability claims while explicitly lacking verified numerical specs and relying on third-party/community placeholders. In an embedded-solution skill that requires official vendor-sourced specifications and forbids fabrication, users could act on incomplete or inaccurate hardware guidance and make unsafe or nonfunctional design decisions.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
This is a true vulnerability because the document asserts that the BOM reflects observed shipped products or turnkey third-party reference designs, but later admits there is no teardown evidence and that the justifications are placeholders. That contradiction can mislead downstream users or the agent into treating speculative content as evidence-backed sourcing, which is especially dangerous in hardware selection for industrial robotic systems.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file explicitly bases BOM recommendations on third-party teardowns, marketplaces, and community schematics even though the skill requires official vendor sources for component specifications. In an embedded design skill, this can propagate inaccurate or unverified part capabilities into user-facing recommendations, leading to bad component selection, procurement mistakes, or unsafe hardware designs.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The document presents verification status in a way that can mislead downstream users into believing vendor pages and extracted specs are confirmed, while multiple entries are simultaneously marked pending, blocked, or sourced from mirrors. In this skill context, trust in verification status directly affects hardware recommendation quality, so inconsistent validation metadata can cause users or agents to rely on unverified specs as if they were authoritative.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The document states that numerical specs are cross-checked against official vendor datasheets fetched at runtime, yet the surrounding content explicitly admits some values are unverified, sourced from a private spec database, pending manual confirmation, or derived from third-party/community material. In a hardware-selection skill that promises official-source accuracy and forbids fabrication, this creates a trust-boundary failure: downstream users or agents may rely on claimed verification status and make design or procurement decisions on incorrect technical data.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The checklist claims all BOM parts have vendor product page URLs or are noted as external, but several BOM components are listed only as typical external options and are outside the catalog, which weakens the assurance that all required parts are traceable to official sources. In this skill’s context, incomplete source traceability can cause users to treat placeholder or marketplace-derived component suggestions as verified BOM guidance.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document explicitly claims the BOM candidates come from vendor product pages and multi-vendor reference designs, but later includes STM32G0 as 'off-catalog' and justifies it using clone-module availability rather than an official vendor source. In this skill, that is a real integrity issue because users are instructed that component specs must come from official vendor sources, so this can mislead downstream design decisions and erode trust in the sourcing guarantees.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The file recommends STM32G0 as a USB MCU candidate while simultaneously marking it '(off-catalog)' and later stating it is 'not catalogued,' which directly violates the skill's requirement that all component specs be fetched from official vendor sources. In an embedded-solution skill, this is more dangerous than generic documentation drift because users may rely on these recommendations for BOM selection, procurement, compliance, or hardware bring-up.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The document explicitly states it relies on third-party teardowns, OEM references, and vendor-neutral observed BOMs, which conflicts with the skill requirement that all component specs come from official vendor sources. In an embedded design assistant, this can cause the agent to recommend unverifiable or inaccurate components, undermining procurement, safety, and compliance decisions for mains-powered hardware.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The BOM recommends off-catalog parts from unspecified 'Chinese vendor' sources for power metering, AC/DC, and relay functions, without authoritative manufacturer identity or official datasheets. For a mains-connected smart plug, such ambiguity is dangerous because it can lead to incorrect electrical, thermal, isolation, or certification assumptions in a safety-critical design.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The verification section claims certain items are 'verified' while simultaneously admitting that several recommended components are not catalogued and are sourced from marketplace availability. This contradiction can mislead users into over-trusting the recommendation set and reduces the reliability of provenance checks that are especially important for regulated, mains-powered embedded products.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The file is presented as a vendor-grounded reference for part selection, but it attributes IEEE 802.15.4/Thread/Zigbee capability to ESP32-S3, which is inconsistent with the cited part identity. In an embedded-solution skill that explicitly promises official-source accuracy and forbids fabricated parameters, this can mislead users into selecting the wrong silicon, causing redesigns, procurement mistakes, or insecure architecture assumptions around wireless protocol support.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill metadata explicitly requires that component specifications be fetched from official vendor sources and never fabricated, yet this section includes unsupported assertions such as drop-in replacement claims and pricing that are not clearly substantiated by the cited vendor materials. In an embedded-solution skill, inaccurate sourcing can mislead chip selection, BOM decisions, and reference design choices, causing downstream engineering, procurement, or compatibility errors.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The file contains inconsistent verification guidance: it says numerical parameters were removed and must never be transcribed from this reference, while later notes indicate some YAMLs now contain extracted spec data and others contain family-page marketing data. In an embedded-component recommendation skill, this inconsistency can cause the agent to rely on stale, unverified, or differently verified sources, leading to incorrect part selection, BOM errors, or unsafe engineering recommendations.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The file contains internally inconsistent verification metadata: it states the family landing page URLs returned 404, yet also marks the same family hub entries as verified/reachable. In this skill, that can mislead the agent into trusting broken or stale vendor links as authoritative sources, undermining the requirement to use official verified sources and increasing the chance of inaccurate component recommendations.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The verification section contradicts earlier statements in the same file and even cites different spec values from the referenced YAML, which undermines trust in the document's claimed vendor-verified accuracy. In an embedded solution skill that explicitly requires official-source fidelity and forbids fabricated parameters, this can lead users to make incorrect architecture, memory, or protocol decisions based on inconsistent technical data.

Intent-Code Divergence

Low
Confidence
88% confidence
Finding
The file claims official vendor sourcing, but the BOM includes off-catalog components such as display and sensor options without official-source backing in the document. In a component-selection skill, unsupported BOM suggestions can mislead users into assuming those parts were verified for compatibility, availability, or performance when they were not.

VirusTotal

VirusTotal findings are pending for this skill version.


Static analysis

No suspicious patterns detected.