Erc8004 Discover

Security checks across malware telemetry and agentic risk

Overview

This discovery skill mostly does what it says, but it can automatically fetch untrusted agent metadata URLs that may reach internal or attacker-controlled services.

Review scripts/discover.py before installing. Run it only in an environment where outbound network access is constrained, avoid automated cron or notifier pipelines unless you trust the monitored agents, and consider adding URL allowlists plus private/link-local address blocking before autonomous use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The code dereferences attacker-controlled metadata_uri values over HTTP(S) and via an IPFS gateway, creating an SSRF-style outbound request primitive and expanding network access beyond the trusted Agentscan API. In the skill context, agent metadata is untrusted input from a registry of many third parties, so fetching arbitrary URLs can be abused for internal network probing, unintended requests to sensitive endpoints, or tracking users through external fetches.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal