Risk Findings
Findings with evidence and remediation.
Live scan — 5 findings from a real static skill scan.
Env Variable Harvesting
deploy-bot · skillspector
External Script Fetching
deploy-bot · skillspector
Chaining Abuse
deploy-bot · skillspector
External Transmission
deploy-bot · skillspector
External Transmission
deploy-bot · skillspector
Sample findings
Agent can attach IAM policies in production
support-bot · skillspector
Deploy agent executes unpinned remote scripts
deploy-bot · skillspector
Environment variable harvesting in MCP tool
support-bot · skillspector
Known vulnerable dependency (CVE via OSV.dev)
data-indexer · skillspector
MCP tool requests excessive privileges
invoice-agent · skillspector
Hidden instructions in skill description
pr-reviewer · skillspector
Unpinned dependencies
docs-helper · skillspector