Back to skill

Security audit

Local MCP Server

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed local MCP utility that grants powerful file and shell access, so it is not risk-free but does not show artifact-backed malicious or deceptive behavior.

Install only if you intend to give an MCP-connected model local file and shell tools. Keep it bound to localhost, restrict allowed paths to a test or project directory, avoid secrets directories, require confirmation before command execution, and do not rely on command blocklists as your only control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README advertises that the MCP server lets local models read files, execute bash commands, and search the filesystem, but it does not prominently warn users that connecting an LLM to shell and file-access tools can enable destructive or privacy-impacting actions if the model is misused, prompt-injected, or misconfigured. In this context, the risk is elevated because the skill is explicitly designed to expose powerful local capabilities to AI models, and the brief mention of sandboxing/forbidden commands is not a sufficient safety warning or threat description.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly advertises file reading and bash execution capabilities but does not provide an upfront warning about the security consequences of granting an AI-driven MCP server access to the local filesystem and shell. In this context, a local MCP server connected to a model can expose sensitive files, execute destructive commands, or enable privilege abuse if the model, user prompt, or surrounding tooling is compromised or misused.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.