Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Publish Guard
Security checks across malware telemetry and agentic risk
Overview
Publish Guard is a local pre-release audit tool whose repo scanning and secret-pattern checks match its stated purpose.
Install if you want a local publish-readiness audit. Run it against a specific repo rather than your home directory or filesystem root, and treat generated reports as sensitive because they can contain filenames and line numbers for secret findings even when snippets are redacted.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)
Credential Access
High
- Category
- Privilege Escalation
- Content
from pathlib import Path TEXT_EXTENSIONS = { ".cer", ".env", ".ini", ".js", ".json",- Confidence
- 60% confidence
- Finding
- .env"
Credential Access
High
- Category
- Privilege Escalation
- Content
return True if lower_name in TRACKED_TEXT_FILENAMES: return True return lower_name == ".env" or lower_name.startswith(".env.") def under_size_limit(path: Path) -> bool:- Confidence
- 60% confidence
- Finding
- .env"
VirusTotal
66/66 vendors flagged this skill as clean.