Security audit

Alien Invasion Warning & Live Signal Oracle

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly straightforward, but it exposes live visitor and traffic telemetry through a public remote MCP endpoint without describing access controls or privacy limits.

Install only if you are comfortable with your agent calling a third-party MCP endpoint and with that service exposing live site telemetry such as recent connection countries or AI-agent identifiers. Avoid using it where visitor analytics, organizational usage patterns, or compliance-sensitive traffic data should remain private unless the publisher provides clear privacy, retention, and authorization details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly advertises exposure of live visitor and traffic telemetry, including recent connecting countries or AI agents, without any privacy notice, consent model, data minimization statement, or access restriction. Even if the data is aggregated, exposing operational telemetry to arbitrary callers can leak usage patterns, user geographies, or organizational activity that may enable profiling or reconnaissance.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.