Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Multi Agent Coordinator Zhuyu28
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward multi-agent coordination helper that only stores local task/session state and shows no hidden network, credential, or destructive behavior.
Safe for ordinary coordination use. Before installing, remember that task descriptions and results can be saved in a local JSON file, so avoid putting secrets or sensitive personal data into sessions unless you control where that file is stored and clean it up when finished.
SkillSpector
By NVIDIA
Vulnerability Patterns
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
64/64 vendors flagged this skill as clean.