Security audit

aicade-create-service

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AICADE admin request builder that can use local credentials to print signed curl commands, but it does not install hooks, persist, or call the API by itself.

Install only if you intend your agent to prepare AICADE service-management requests. Review every generated curl before running it, especially disable requests, and treat generated commands as sensitive because they may include an API key and signature. Prefer placeholders for upstream service secrets unless you intentionally provide real values.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The skill instructs the agent to inspect the local environment for AICADE credentials as part of a guided intake flow, even though the user may only be asking to prepare a request. This creates an unnecessary secret-access path and expands the skill from user-mediated data collection into silent retrieval of local sensitive data.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill explicitly instructs the agent to read locally available API credentials and use them without explicit user confirmation. This creates a secret-handling and consent problem: an agent may access sensitive environment values the user did not intend to expose in this workflow, and then use them to produce authenticated administrative requests.

Missing User Warnings

Medium
Confidence: 95%
Finding
The example manifest configures an outbound API key to be sent in the URL query string via `authLocation: QUERY` and `queryParam: key`. Query parameters are commonly captured in logs, monitoring systems, browser history, intermediary proxies, and error traces, so this increases the chance of credential disclosure even if the placeholder value is substituted securely at runtime. In this service-registration context, the example may encourage downstream users to deploy an insecure credential transport pattern.

Missing User Warnings

Medium
Confidence: 99%
Finding
The instructions explicitly say to use locally stored API credentials and not ask the user to confirm them. That bypasses informed consent and can lead to secrets being used in generated signed curl output or downstream operations without the user's awareness.

Missing User Warnings

Medium
Confidence: 89%
Finding
The document gives operational instructions for registering, updating, and disabling gateway services but does not prominently warn that these actions change live service configuration and can disrupt production traffic. In an agent skill context, that omission increases the chance of unintended destructive changes because an automated agent may execute these steps as routine API calls without adequate user confirmation.

Missing User Warnings

Medium
Confidence: 83%
Finding
The authentication guidance instructs use of API keys and HMAC secret-key signing, including acceptance of a compatibility alias for the secret, but provides no warning about sensitive credential handling. In a skill consumed by an agent, this can normalize collecting, echoing, logging, or mishandling secrets in prompts or generated curl commands, increasing the risk of credential exposure and unauthorized administrative access.

Missing User Warnings

Medium
Confidence: 97%
Finding
Using locally stored API credentials without disclosure or warning bypasses informed user approval and can cause the agent to act with unintended privileges. In this context, the credentials authorize service-management operations, including disable actions, so silent use materially increases the risk of unauthorized administrative changes.

Ssd 3

Medium
Confidence: 98%
Finding
Automatically consuming local API keys and secret keys without confirmation increases the risk that sensitive values will be exposed in generated artifacts, logs, prompts, or displayed command lines. Because the skill's end product is a signed curl command, the risk of accidental secret propagation is especially concrete.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.