Back to skill

Security audit

Model Setup

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can permanently change local model/agent configuration and send API keys to any configured endpoint without strong path or host guardrails.

Install only if you trust the publisher and will verify each config path, agent path, and Base URL before running it. Use trusted HTTPS model endpoints, assume the supplied API key will be stored in local model configuration and sent during tests, and manually back up any default or agent-specific config.json files before changing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to read and write configuration files and execute shell commands, but it declares no permissions. This creates a dangerous mismatch between the skill's documented behavior and its security boundary, increasing the chance that a user or host system will run a file-modifying, shell-capable workflow without explicit authorization or review.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script sends the supplied API key in an Authorization header to a baseUrl taken directly from provider_config, with no allowlist, trust check, or user-facing confirmation. An attacker who can influence the configuration can direct requests to a malicious or internal endpoint, causing credential exfiltration and potentially SSRF-style access to internal services; in this skill context, testing arbitrary model providers makes that risk more dangerous because sending secrets to remote endpoints is the core behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.