'提取高优先级测试用例'

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Excel test-case filtering tool whose file changes are disclosed and aligned with its purpose.

Install if you need a local tool to transform test-case Excel files. Run it on copies or use a distinct output filename, review the output before relying on it downstream, and avoid running the auxiliary hard-coded-path scripts unless you have edited their paths.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill advertises file manipulation and includes Python/openpyxl-based processing of local Excel files, but it does not declare permissions for file access. This creates a trust and sandboxing gap: an agent or platform may under-enforce access controls while the skill still expects to read user files, increasing the risk of unintended file access or confusing consent boundaries.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill states it will unmerge all merged cells, delete columns, filter rows, and renumber test cases while claiming the original format is preserved, but it does not clearly warn that workbook structure will be irreversibly altered in the produced file. Users may assume a non-destructive transformation and unknowingly rely on output that has lost merge semantics, layout meaning, or downstream compatibility.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal