Back to skill

Security audit

Character Manager

Security checks across malware telemetry and agentic risk

Overview

This is a local novel-character YAML manager whose file access, export, and delete features are disclosed and fit its purpose, though users should keep it pointed at project folders.

Install it only for projects you trust, review or pin dependency versions if reproducible installs matter, and use --project and --output only inside your novel workspace or a version-controlled folder so accidental reads, overwrites, or deletes can be reversed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation describes file read/write behavior via `--project` and `--output`, but the skill declares no permissions. This creates a trust gap: an agent or user may invoke a filesystem-capable tool without an explicit permission boundary, increasing the risk of unintended access to arbitrary local paths if path handling is weak or misused.

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
The documented purpose and exposed behavior do not fully align: the skill can delete files and export data beyond the narrow create/edit/query framing, while some advertised commands or formats appear inconsistent. This mismatch is dangerous because agents may make unsafe assumptions about what the tool can do, leading to destructive operations or data handling that exceeds user expectations.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pyyaml>=6.0.1
rich>=13.7.0
Confidence
97% confidence
Finding
pyyaml>=6.0.1

Unpinned Dependencies

Low
Category
Supply Chain
Content
pyyaml>=6.0.1
rich>=13.7.0
Confidence
97% confidence
Finding
rich>=13.7.0

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
93% confidence
Finding
pyyaml

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.