Yuc's Anime List

Security checks across malware telemetry and agentic risk

Overview

This is a scoped scraper for public yuc.wiki anime lineup pages, with no evidence of hidden credential access, persistence, or unrelated behavior.

Install if you are comfortable with the agent contacting public pages on yuc.wiki and optionally writing scraped JSON where you direct it. Review results before relying on them because website layout changes could affect parsing accuracy.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill explicitly performs network access to scrape yuc.wiki and also mentions generating outputs, while no permissions are declared. Even if the current intent is benign, missing permission declarations weakens transparency and policy enforcement: users and the host may not realize the skill can reach external sites or write files/artifacts, which increases the chance of unexpected data access or persistence if the skill is modified or misused.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal