Is skillhub-mcp malware?

skillhub-mcp shows significant security concerns with a undefined risk rating (NaN/100). While not confirmed malware, undefined high severity issues were detected. Use with caution.

What security issues does skillhub-mcp have?

Our analysis found undefined security indicators: undefined critical, undefined high, undefined medium severity. Key issues include: filesystem-access, Malware Signature, Malware Signature.

Should I uninstall skillhub-mcp?

Consider uninstalling skillhub-mcp or finding a safer alternative. The extension has undefined high severity security issues that warrant concern. Review the detailed findings before continuing to use it.

HIGH RISK NaN/100

skillhub-mcp

Unknown developer

Threat Summary

Risk Level

Critical Issues

High Issues

Total Findings

Key Security Threats

HIGH filesystem-access

MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-21530

dist/index.js:21530

HIGH Malware Signature

YARA rule match: -postinstall_obfuscation

/tmp/extract-b9d84d07518dd915f887253590615f8af11c0a032e00884f13c370ef6883a8a3-3672626142/SECURITY.md

HIGH Malware Signature

YARA rule match: -NoUseEval

/tmp/extract-b9d84d07518dd915f887253590615f8af11c0a032e00884f13c370ef6883a8a3-3672626142/SECURITY.md

HIGH Malware Signature

YARA rule match: -postinstall_network_communication

/tmp/extract-b9d84d07518dd915f887253590615f8af11c0a032e00884f13c370ef6883a8a3-3672626142/SECURITY.md

HIGH Malware Signature

YARA rule match: -postinstall_file_download

/tmp/extract-b9d84d07518dd915f887253590615f8af11c0a032e00884f13c370ef6883a8a3-3672626142/SECURITY.md

All Findings (37)

View all 37 security findings

filesystem-access

MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-21530

Malware Signature

YARA rule match: -postinstall_obfuscation

Malware Signature

YARA rule match: -NoUseEval

Malware Signature

YARA rule match: -postinstall_network_communication

Malware Signature

YARA rule match: -postinstall_file_download

Malware Signature

YARA rule match: -postinstall_system_command

filesystem-access

MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-21913

filesystem-access

MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-21941

filesystem-access

MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-21934

Malware Signature

YARA rule match: -NoUseEval

Malware Signature

YARA rule match: -postinstall_network_communication

Malware Signature

YARA rule match: -UsingShellInterpreterWhenExecutingOSCommands

Malware Signature

YARA rule match: -postinstall_file_manipulation

Malware Signature

YARA rule match: -postinstall_system_command

filesystem-access

MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-21920

filesystem-access

MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-9375

credential-access

MCP tool poisoning risk: CREDENTIAL-ACCESS-dist/index.js-6536

Malware Signature

YARA rule match: -credential_env_files

Malware Signature

YARA rule match: -postinstall_persistence_mechanism

Malware Signature

YARA rule match: -NoUseWeakRandom

Malware Signature

YARA rule match: -postinstall_crypto_operations

Malware Signature

YARA rule match: -postinstall_obfuscation

Malware Signature

YARA rule match: -UsingCommandLineArguments

Malware Signature

YARA rule match: -postinstall_file_manipulation

Malware Signature

YARA rule match: -postinstall_network_communication

Malware Signature

YARA rule match: -postinstall_file_download

Malware Signature

YARA rule match: -postinstall_registry_modification

Malware Signature

YARA rule match: -postinstall_system_command

Malware Signature

YARA rule match: -postinstall_obfuscation

Malware Signature

YARA rule match: -UsingCommandLineArguments

Malware Signature

YARA rule match: -postinstall_system_command

Malware Signature

YARA rule match: -postinstall_crypto_operations

metadata

HASH-6e191c1c7e55b4b7

metadata

HASH-b7017b449c38174e

metadata

HASH-49481e063fcf24eb

metadata

HASH-63a556c2ab8c8343

metadata

HASH-39ddfa4f9561a668

Recommended Action

This extension has significant security concerns that warrant careful review. Consider uninstalling or finding a safer alternative. If you must use it, limit the permissions and monitor for suspicious activity.

View Full Security Report Find Safer Alternatives