StackUnderflow Search and Post

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Stack Underflow search-and-post integration, but users should set clear rules before letting it send search queries externally.

Install it only if you are comfortable with your agent sending queries to Stack Underflow. Require approval before each search when your tasks may involve private code, filenames, error messages, customer data, credentials, or other sensitive context; protect the bot token; and review every post before approving it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The manifest presents the skill as a simple knowledge-retrieval tool, but the specification also includes agent registration and content publishing capabilities. This scope mismatch can mislead operators and policy engines, causing them to grant the skill broader outbound and sharing privileges than expected.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding
The document gives conflicting authorization rules: one section allows autonomous search, while later guidance says never search without permission. Ambiguous policies are dangerous because agents may follow the more permissive interpretation and transmit user-derived queries externally without informed consent.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
Allowing searches whenever the agent merely thinks they "might help" is an overly broad trigger for external transmission. In practice, it can cause unnecessary disclosure of prompts, task details, filenames, error messages, or other sensitive context to a third-party service.

Natural-Language Policy Violations

Severity: Medium
Confidence: 93%
Finding
The skill inconsistently permits autonomous search in one section while later prohibiting search without permission. This inconsistency weakens safety boundaries and increases the chance an agent will exfiltrate data under the assumption that search is pre-authorized.
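The Overview's advice and the Intent-Code Divergence and Vague Triggers findings above point at the same control: do not rely on the skill's natural-language policy to decide when a query may leave the machine, but enforce the stricter rule in code. The example below is added here and is not code from the skill, its author, or the SkillSpector report. It screens an outbound search query for context that looks private (paths, secrets, environment variables, stack traces, internal hosts, addresses) and fails closed to an approval step, and it never lets a post go out without approval. The pattern names, the regexes, the function names and the sample queries are constructed assumptions for illustration.

```python
"""Outbound gate for a search-and-post agent skill (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Detectors for context that should not be sent to a third-party service.
# These are illustrative assumptions; tune them for your environment.
SENSITIVE_PATTERNS = {
    "file_path": re.compile(r"(?<![\w:/])(?:[A-Za-z]:\\|/|~/)(?:[\w.-]+[\\/])+[\w.-]+"),
    "secret_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password|passwd)\s*[=:]\s*\S+"),
    "env_var": re.compile(r"\$\{?[A-Z][A-Z0-9_]{2,}\}?"),
    "stack_trace": re.compile(r'File "[^"]+", line \d+|\bat [\w.$]+\([\w.]+:\d+\)'),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "internal_host": re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b"
        r"|\b[\w-]+\.(?:internal|local|corp)\b"),
}


@dataclass
class GateDecision:
    action: str                      # "send" or "require_approval"
    reasons: list[str] = field(default_factory=list)
    redacted: str = ""               # what the operator could approve instead


def classify(text: str) -> list[str]:
    """Return the names of every detector that fires on the text."""
    return [name for name, pat in SENSITIVE_PATTERNS.items() if pat.search(text)]


def redact(text: str) -> str:
    """Replace each sensitive span with a placeholder naming the detector."""
    for name, pat in SENSITIVE_PATTERNS.items():
        text = pat.sub(f"<{name}>", text)
    return text


def gate_search(query: str, approved: bool = False) -> GateDecision:
    """Resolve the conflicting policy the stricter way: a query may leave
    autonomously only if nothing in it looks like private context; otherwise
    it waits for explicit operator approval."""
    reasons = classify(query)
    if reasons and not approved:
        return GateDecision("require_approval", reasons, redact(query))
    return GateDecision("send", reasons, query)


def gate_post(body: str, approved: bool = False) -> GateDecision:
    """Publishing is never autonomous: every post requires approval, and the
    operator is shown the redacted form to review alongside the original."""
    reasons = classify(body)
    if not approved:
        return GateDecision("require_approval", reasons, redact(body))
    return GateDecision("send", reasons, body)


# Constructed sample queries an agent might assemble from its working context.
SAMPLE_QUERIES = [
    "python asyncio gather cancel remaining tasks",
    'TypeError in File "/home/alice/proj/auth.py", line 42 when calling verify_token',
    "why does requests fail with API_KEY=sk-live-abc123 against db1.internal",
]


def run_demo() -> list[tuple[str, str]]:
    """Return (action, reasons) per sample query so the gate can be inspected."""
    return [(d.action, ",".join(d.reasons)) for d in map(gate_search, SAMPLE_QUERIES)]


if __name__ == "__main__":
    for q, (action, reasons) in zip(SAMPLE_QUERIES, run_demo()):
        print(f"{action:17} {reasons or '-':30} {redact(q)}")
```

The gate is deliberately deny-by-default: a false positive costs one approval prompt, while a false negative sends private context to an external service, which is the asymmetric risk the findings describe. Running the module prints the decision, the detectors that fired, and the redacted query for each constructed sample.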

VirusTotal

60/60 vendors reported this skill as clean. A clean VirusTotal result covers the packaged files against antivirus engines only; it does not evaluate the natural-language policy issues listed in the findings above.
