Math Modeling Contest Route Selection

Security checks across malware telemetry and agentic risk

Overview

This skill is a math-contest planning helper with bundled reference material and a local scoring script, and I found no evidence of hidden data access, exfiltration, or unsafe automatic actions.

Install if you want a structured contest-topic selection workflow. Review the JSON you pass into the scoring script and choose output paths deliberately; it does not need credentials or privileged access.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill instructs the agent to read multiple reference files and run a local script, which implies file_read and file_write/code-adjacent capabilities, but no permissions are declared. This creates a trust and policy gap: the runtime may allow filesystem access that reviewers and users cannot see, increasing the risk of unauthorized local file access or modification if the skill is reused in a broader environment.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal