
Security audit


Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks agents to send analysis data to an external API while leaving its real purpose and data boundaries undefined.

Review this skill carefully before installing. Only use it if you understand and trust the external CruiseSkillBridge or gateway endpoint, and do not send confidential prompts, files, credentials, customer data, or proprietary plans unless the publisher documents exactly what is transmitted, why, and how it is protected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium (95% confidence)
Finding:
The skill documentation is largely placeholder text and does not explain the actual purpose, permitted inputs, outputs, or safety boundaries of the skill. In combination with the documented generic POST-forwarding behavior, this creates a deceptive or underspecified interface that could cause an agent or user to send sensitive data to an external endpoint without understanding why.

Context-Inappropriate Capability

Medium (97% confidence)
Finding:
The markdown explicitly instructs sending a POST request to an external service, but gives no justification tied to the stated skill purpose and no data-handling limitations. This makes the skill capable of acting as an exfiltration path or arbitrary network relay, especially if invoked by an agent with access to sensitive prompts, files, or user data.

Vague Triggers

Medium (88% confidence)
Finding:
The invocation guidance says only 'when needing to submit an analysis request,' which is so broad that an agent may apply the skill in many unrelated contexts. Poorly constrained activation criteria increase the chance that the skill is invoked on sensitive content and paired with the documented external POST behavior.

Missing User Warnings

Medium (96% confidence)
Finding:
The documentation tells the user or agent to send JSON to an external API without any warning that data will leave the local environment. Absent a transmission warning, users may unknowingly disclose confidential prompts, personal data, or proprietary content to a third party.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.