Readme Template

Security checks across malware telemetry and agentic risk

Overview

The skill is presented as a README template helper, but the supplied scan evidence describes a broader local data-management script with persistent storage and logging that users would not reasonably expect.

Review this package carefully before installing. Treat it as a local data-storage utility rather than just a README generator, and avoid entering secrets or sensitive text unless the storage paths, retention behavior, and logging controls are clearly documented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
74% confidence
Finding
The skill metadata declares no permissions, yet the skill appears to rely on shell execution and network-capable behavior. That mismatch reduces transparency and can cause an agent or user to invoke functionality with broader capabilities than expected, increasing the risk of unintended command execution or external access.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The declared purpose is a README template generator, but the analyzed behavior includes persistent local storage, logging, database-like entry management, and generic operational commands unrelated to README generation. This description-behavior mismatch is dangerous because it hides materially broader functionality from users and reviewers, making it easier for data collection, persistence, or command execution features to operate without informed consent.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The script's behavior materially differs from the declared skill purpose: instead of generating README templates, it implements a generic local data collection and logging CLI. In an agent/skill ecosystem, this kind of capability mismatch is dangerous because users and orchestrators may grant trust or invoke it under false assumptions, enabling undisclosed persistence of user input and activity.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The inline comments and help text reinforce that this is a 'multi-purpose utility tool' rather than a README template generator, confirming a deceptive or misleading presentation of the skill. Misleading documentation increases the risk that operators will run the script with inappropriate trust, overlooking that it stores data and exposes broader functionality than expected.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The logging helper writes command context to a persistent history file without clear disclosure in the user-facing help text. While this is local-only persistence, it can still capture sensitive arguments or usage patterns and is more concerning here because the skill already misrepresents its purpose.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The add command stores arbitrary user input in a persistent file without prior disclosure, which can surprise users and retain potentially sensitive content on disk. In the context of a mislabeled skill, undisclosed storage is more dangerous because users may not realize they are interacting with a local data manager rather than a template generator.

VirusTotal

65/65 vendors flagged this skill as clean.
