Operator Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly aligned with its collaborative-session purpose, but its session storage and update controls are too loosely scoped for a tool that persists and mutates shared agent state.

Review before installing. Use only with non-sensitive collaborative session data in an isolated workspace unless the maintainer adds strict sessionId validation, packaged and auditable signature verification, participant allowlists, and clear purge or retention controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 96%

Finding:
The code verifies that the update was signed by the supplied public key, but it never checks that this key is authorized for the target session. An attacker can generate their own keypair, sign arbitrary CRDT updates, and append them to any existing session if they know or guess the sessionId, resulting in unauthorized modification and possible corruption of shared state.

Missing User Warnings

Severity: Medium
Confidence: 91%

Finding:
The skill explicitly advertises persistent on-disk storage, append-only logs, and crash recovery, but does not disclose that session contents may be written to disk and retained over time. In an agent setting, collaborative sessions can contain prompts, secrets, tokens, or user data, so omission of retention and storage warnings can lead to unintended sensitive-data persistence and privacy/compliance issues.

VirusTotal

64/64 vendors flagged this skill as clean.