Back to skill

Security audit

Competitor Radar

Security checks across malware telemetry and agentic risk

Overview

This skill mostly performs competitor monitoring as advertised, but it embeds an API key and sends AI-scoring prompts to an undisclosed local LLM gateway.

Review or edit the LLM configuration before installing. Prefer running with --no-ai unless you trust the local service at 127.0.0.1:18790, remove and rotate the embedded key, and avoid the undocumented _write_radar.py helper.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill advertises executable behavior that implies file access, network access, environment access, and report writing, but it declares no permissions at all. This creates a transparency and governance gap: users and platforms cannot accurately assess what resources the skill will touch, increasing the chance of overbroad or unexpected data access during execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
This is a significant behavior mismatch: the skill claims to monitor public competitor sources, but analysis indicates it also contains hardcoded sensitive credentials and sends collected content to an external or local LLM endpoint, including a localhost service on 127.0.0.1:18790 that is not disclosed. Hardcoded API keys are secret exposure risks, and undisclosed outbound transmission or localhost access can leak data, bypass user expectations, and interact with sensitive local services.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The file embeds a hardcoded API key and an outbound LLM endpoint, which creates direct credential exposure and unauthorized model-calling capability. Anyone with access to the skill source can recover and reuse the key, and the code can transmit collected content to an external service without meaningful control or rotation hygiene.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code hardcodes an API key and uses it to call a local Anthropic-compatible LLM service. Embedded secrets are recoverable by anyone with code access and can enable unauthorized use of the backing model service; additionally, competitor data and fetched content are transmitted to that service without explicit disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code sends prompt content derived from monitored competitor data to an LLM endpoint without any visible disclosure, opt-in, or data handling control. Even though the endpoint is localhost, it still represents a separate service boundary and can expose scraped content, internal prompts, and derived analysis to another component that may log or forward data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.