Security audit

Mcp Third Party Publisher

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended to automate third-party MCP marketplace submissions, but the reported defaults could publish under an unapproved email and select a paid listing without clear user opt-in.

Review this skill carefully before installing. Only use it if you are comfortable with an agent helping submit listings to third-party marketplaces, and require it to confirm the account, contact email, marketplace target, listing plan, and any paid charge before it fills forms or submits anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill embeds a default third-party account identity (`openpatsnap@gmail.com`) for publishing actions. In a skill that automates external submissions, hard-coding an identity can cause the agent to act under the wrong account, disclose organizational affiliation, or submit listings without the current user's explicit authorization.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
This section explicitly instructs the agent to fill MCP Market submissions with a hard-coded email when the user does not provide one. That creates a real risk of unauthorized submissions, privacy leakage, and misattribution because the agent may publish using an account or contact address the user did not approve.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill directs the agent to default to a paid MCP Market listing plan (`RECOMMENDED` / `$29` / `OFFICIAL`) without requiring explicit user opt-in at plan selection time. In the context of browser-based submission automation, this can drive unauthorized purchases or financial commitments on behalf of the user or organization.

Vague Triggers

Medium
Confidence: 94%
Finding
The skill enables implicit invocation with no visible activation constraints, so an agent may trigger third-party publishing behavior in broader contexts than intended. Because this skill is designed to use browser/computer automation against external marketplaces, unintended activation could cause unauthorized navigation, form-filling, or disclosure of server metadata to third-party services.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.