Back to skill

Security audit

sluice

Security checks across malware telemetry and agentic risk

Overview

This is a local secret-scanning guard for outbound text, with no network behavior, but users should avoid running its benchmark on private local drafts unless intended.

Install is reasonable for local outbound-message checks. Treat scanned content as sensitive, pass only drafts or files you intend to inspect, and avoid running bench.py unless you understand it will try to scan hardcoded /home/workloft publication and draft paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation describes a tool that scans outbound content for secrets and private identifiers, which inherently implies reading files and potentially inspecting environment-derived content, yet the skill declares no permissions. This mismatch is dangerous because it can cause operators or policy engines to under-trust the actual access the skill requires, weakening least-privilege review and enabling broader-than-expected data exposure during use.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The benchmark explicitly scans real local publication and draft files under /home/workloft, which exceeds a narrow self-contained benchmark and accesses unrelated local content. Even though it only prints aggregate counts and file paths with detector labels, this still creates unnecessary data access to potentially sensitive drafts and published content, increasing privacy and scope-creep risk for a skill whose purpose is outbound message guarding.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
bench.py:40