Agnic Get Agent Identity

Security checks across malware telemetry and agentic risk

Overview

This is a narrow Agnic identity-check skill, with expected authentication sensitivity but no evidence of hidden, destructive, or unrelated behavior.

Install this only if you trust the Agnic CLI and are comfortable letting it read your Agnic agent identity status. Prefer setting `AGNIC_TOKEN` as an environment variable, avoid passing tokens on the command line, and do not share outputs that reveal wallet ownership, trust score, or KYA details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs users to set or pass an authentication token but does not warn that the token is sensitive or should never be exposed in logs, shell history, prompts, or screenshots. In an agent setting, this increases the chance of credential leakage through command output, process arguments, shared terminals, or debugging transcripts, which could enable unauthorized access to the user's Agnic account or agent identity data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal