ABL.ONE Protocol

Security checks across malware telemetry and agentic risk

Overview

This is not clearly malware, but it asks agents to use opaque swarm messaging and accept protocol changes without enough review controls.

Install only if you intentionally want an experimental, binary inter-agent protocol. Require the missing abl.one contract before use, keep swarm broadcasting disabled unless explicitly needed, and require human-readable logs plus human approval for new opcodes or skill definitions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The README explicitly promotes a non-human-readable binary protocol for live agent-to-agent communication while relegating transparency and verification to an offline decompiler. This creates an operational blind spot: unsafe, policy-violating, or malicious agent exchanges may occur in transit without real-time human inspection or enforceable controls, increasing the chance of hidden misuse or delayed detection.

Natural-Language Policy Violations

Medium

Confidence: 97% confidence
Finding: The skill explicitly instructs the host agent to use a mandatory binary protocol for inter-agent communication without user opt-in, transparency, or safety boundaries. This can override expected platform communication norms, reduce inspectability of agent behavior, and enable covert or hard-to-audit message exchange, especially when combined with the directive to load external opcode definitions into active context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal