Back to skill

Security audit

Mcp Builder

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate MCP server-building guide with optional evaluation scripts; the main risk is careful handling of API keys, logs, and test-tool access.

Install this only if you want MCP server development guidance. When using it, run the evaluation script only against trusted test servers, use read-only evaluation questions, pass least-privilege tokens, avoid logging raw user queries, and prefer OAuth, managed secrets, or environment variables over conversationally collecting long-lived API keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill instructs the agent to create MCP servers, fetch remote documentation, and produce evaluation artifacts, which implies external connectivity and file creation behavior, yet it declares no permissions. That mismatch can cause the skill to be run with capabilities the user or platform did not explicitly consent to, reducing transparency and increasing the chance of unintended writes or network interactions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The declared description presents the skill as a development guide, but the detected behavior includes acting as an MCP client, connecting to local/remote servers, invoking tools, handling headers/environment variables, and running automated evaluations through external APIs. This hidden expansion of operational scope is dangerous because it can expose secrets, interact with unintended services, or trigger actions beyond what a user expects from a documentation-oriented skill.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide explicitly demonstrates collecting an API key via `ctx.elicit(..., input_type="password")` and then using it in an outbound API call, but it does not include any warning or guidance about secure credential handling, storage avoidance, scope minimization, redaction, or user consent for transmission. In a security-sensitive implementation guide, this omission can normalize unsafe patterns and lead downstream developers to build tools that solicit secrets and transmit them to third parties without adequate safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.