Back to skill

Security audit

Shoofly Basic

Security checks across malware telemetry and agentic risk

Overview

Shoofly Basic is a real security-monitoring skill, but it needs Review because it persistently observes tool activity and can send alert content through local and external channels without tight scoping or redaction controls.

Install only if you want an always-on monitor that records security evaluations locally and may send alert text to configured messaging channels. Before using it, verify the notifier path, restrict notification channels to ones you control, avoid including secrets in alerts or logs, and periodically delete or protect ~/.shoofly/logs/alerts.log.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
79% confidence
Finding
The skill requires shell-capable behavior such as invoking notification helpers, curl, and writing logs, but it does not declare permissions for those capabilities. This creates a transparency and policy-enforcement gap: users and hosting frameworks cannot accurately assess or constrain what the skill may do before activation.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The stated purpose is passive security monitoring, but the skill also instructs the agent to read local config, log all tool activity, emit notifications, and send messages through multiple channels. That mismatch is dangerous because users may enable the skill expecting observation only, while it actually introduces broad data handling and outbound communication paths that can leak sensitive content.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The notification template hard-codes promotional advertising for Shoofly Advanced into security alerts. Embedding unsolicited marketing into security events is inappropriate and can manipulate operator behavior during incident handling, reducing trust in alerts and creating an incentive to over-trigger notifications.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs persistent logging of every tool call, including arguments and results, to a file in the user's home directory without any consent, minimization, or redaction requirements. Tool arguments and results commonly contain secrets, personal data, file contents, and tokens, so this creates a durable local cache of sensitive information that other processes or users could access.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script can forward notification contents to external messaging services during auto-discovery without any confirmation, classification, or redaction at the transmission point. If alerts include sensitive prompts, secrets, filenames, or incident details, this can cause unintended data exfiltration to third-party platforms.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.