Back to skill

Security audit

Content Strategy Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill fetches a user-provided website and creates local content-planning files, with ordinary caution needed around what URL and output paths are used.

Install dependencies in a virtual environment, use only public websites you intend the agent to fetch, avoid localhost/private/cloud-metadata URLs, and keep output files in a normal workspace path so generated JSON or Excel files do not overwrite important files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly instructs use of network access to crawl a user-supplied URL and file-write access to generate an Excel file, but it does not declare those capabilities or permissions. Undeclared external access and local file creation reduce transparency and can lead to misuse, including unexpected outbound requests or writes to the local workspace.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented behavior materially overstates what the skill does and omits significant functionality, including spreadsheet generation and limited single-page crawling rather than full analysis. This kind of mismatch is dangerous because users and calling systems may grant trust or permissions based on the description, while the actual behavior can produce misleading outputs or trigger actions the user did not reasonably expect.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The skill omits a clear warning that it will send requests to a user-provided website and write an Excel file locally. Even if those actions are core to the workflow, failing to disclose them can surprise users, cause unintended interaction with external systems, and create local artifacts containing potentially sensitive analysis data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script performs a server-side request to an arbitrary user-supplied URL with no validation, allowlisting, or restriction on reachable hosts. In practice this creates SSRF risk: an attacker could supply internal, cloud-metadata, localhost, or other sensitive endpoints and cause the agent environment to fetch data it should not access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.