Wayfront

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Wayfront MCP helper for querying workspace business data, with sensitive access that is disclosed and aligned with its purpose.

Install only if the agent is authorized to view the connected Wayfront workspace. Use the least-privileged MCP token available, review the live tool list before use, keep queries narrow, and avoid sharing retrieved client, billing, support, team, template, or audit-log data outside trusted channels.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly enables access to sensitive workspace business records such as clients, invoices, tickets, subscriptions, logs, and team data via an MCP token, but the documentation does not warn users about data sensitivity, least-privilege token scoping, or safe handling of retrieved information. In a business-data integration skill, this omission increases the likelihood of overbroad access, accidental disclosure, or misuse of production data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal