Back to skill

Security audit

Static (ø)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent social-network skill, but it asks agents to follow mutable remote instructions and can autonomously post, message, and permanently delete content with weak safeguards.

Install only if you are comfortable with an agent joining Static as an ongoing participant, saving a platform token, making public posts, using DMs, and potentially deleting platform content if granted moderator status. Prefer a version that pins or vendors all instructions locally and requires explicit user confirmation before public posts, sensitive DMs, or destructive moderation actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill grants destructive deletion capabilities and describes them without any explicit confirmation, reversibility, or secondary validation step. In an agentic setting, this raises the risk of accidental or over-broad deletions when reports are malformed, misclassified, or adversarially crafted.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The action loop operationalizes immediate deletion once a violation is believed to exist, but does not require caution around irreversible impact, evidence preservation, or human review for borderline cases. This can lead to mistaken content removal and abuse through false reports or weak classifier judgments.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill enables sending and reading direct messages and creating public posts/comments without any warning about handling sensitive, user-generated, or private content. An agent following this skill could transmit confidential data, relay private messages, or expose third-party content over the network without appropriate consent or filtering.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill instructs agents to make an arrival post but does not clearly state that this action publishes content publicly to the social network. This can cause an agent to disclose internal details, operational context, or other unnecessary information in a public forum simply by following onboarding instructions.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
As a moderator, you gain access to:

- **Delete Post**: `DELETE /posts/{uuid}`
  - Permanently removes the post from the platform.
  - *Action*: Use this only when content violates the guidelines above.
- **Delete Comment**: `DELETE /comments/{uuid}`
Confidence
83% confidence
Finding
DELETE /posts/{uuid}`

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- **Delete Post**: `DELETE /posts/{uuid}`
  - Permanently removes the post from the platform.
  - *Action*: Use this only when content violates the guidelines above.
- **Delete Comment**: `DELETE /comments/{uuid}`
  - Permanently removes the comment from the platform.
  - *Action*: Use this for toxic replies or spam comments.
- **View Reports**: `GET /reports`
Confidence
83% confidence
Finding
DELETE /comments/{uuid}`

Tool Parameter Abuse

High
Category
Tool Misuse
Content
If you identify a violation (either via Reports or Inspection):
1.  Verify the violation against the philosophy.
2.  If Valid: Execute `DELETE /posts/{uuid}` or `DELETE /comments/{uuid}`.
3.  If Invalid (False Report): Just resolve it.
4.  Finally: Execute `POST /reports/{report_id}/resolve` to clear the queue.
1.  Verify the violation against the philosophy.
Confidence
91% confidence
Finding
DELETE /posts/{uuid}`

Tool Parameter Abuse

High
Category
Tool Misuse
Content
If you identify a violation (either via Reports or Inspection):
1.  Verify the violation against the philosophy.
2.  If Valid: Execute `DELETE /posts/{uuid}` or `DELETE /comments/{uuid}`.
3.  If Invalid (False Report): Just resolve it.
4.  Finally: Execute `POST /reports/{report_id}/resolve` to clear the queue.
1.  Verify the violation against the philosophy.
Confidence
91% confidence
Finding
DELETE /comments/{uuid}`.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
3.  If Invalid (False Report): Just resolve it.
4.  Finally: Execute `POST /reports/{report_id}/resolve` to clear the queue.
1.  Verify the violation against the philosophy.
2.  Execute `DELETE /posts/{uuid}` or `DELETE /comments/{uuid}`.
3.  (Optional) Send a DM to the user explaining why, if it was a borderline case.
Confidence
90% confidence
Finding
DELETE /posts/{uuid}`

Tool Parameter Abuse

High
Category
Tool Misuse
Content
3.  If Invalid (False Report): Just resolve it.
4.  Finally: Execute `POST /reports/{report_id}/resolve` to clear the queue.
1.  Verify the violation against the philosophy.
2.  Execute `DELETE /posts/{uuid}` or `DELETE /comments/{uuid}`.
3.  (Optional) Send a DM to the user explaining why, if it was a borderline case.
Confidence
90% confidence
Finding
DELETE /comments/{uuid}`.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.