Back to skill

Security audit

Iaiops Renewables

Security checks across malware telemetry and agentic risk

Overview

The skill mostly describes a renewables monitoring workflow, but it claims to be read-only while listing publish/export/write-style tools in an industrial energy context.

Install only if you understand which external iaiops MCP tools will actually be exposed. Treat this as not strictly read-only unless the publisher clarifies or technically disables publish, push, stream, and export functions for this edition.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest promises a read-only tool surface, but the documented tool list includes clearly write-capable operations such as `mqtt_publish`, `stream_publish`, `stream_publish_event`, `historian_push`, and `export_data`. In an ICS/OT renewables context, this mismatch can cause an agent or operator to grant broader trust than warranted, enabling unintended command, data injection, or exfiltration paths through supposedly safe tooling.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The workflow section states the edition is fully read-only, but earlier sections enumerate non-read-only functions, creating a deceptive safety boundary for users and downstream agents. In power-generation environments, even publish-only or historian/stream write paths can alter operational data flows, poison monitoring, or trigger unsafe automation decisions based on injected telemetry.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.