chitin-moat

Security checks across malware telemetry and agentic risk

Overview

This is a security-oriented configuration helper that reads local channel policy files and gives restrictive agent guidance, with no evidence of hidden data theft, persistence, or destructive behavior.

Installers should treat this as a policy and audit aid rather than a technical sandbox. Review the trust-channel YAML and permission matrix before relying on it, and do not use it as the only control for protecting secrets or blocking risky tool use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
In the override path, the returned object sets "level" to the matched channel pattern (`ov["channel"]`) instead of returning only the resolved trust level consistently. This creates inconsistent semantics in a security-sensitive resolver and can cause downstream code or operators to misread the effective permission tier, potentially granting or enforcing the wrong channel trust boundary.

VirusTotal

66/66 vendors flagged this skill as clean.