Security audit

aicade-create-service

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AICADE admin request builder that can use local credentials to print signed curl commands, but it does not install hooks, persist, or call the API by itself.

Install only if you intend your agent to prepare AICADE service-management requests. Review every generated curl before running it, especially disable requests, and treat generated commands as sensitive because they may include an API key and signature. Prefer placeholders for upstream service secrets unless you intentionally provide real values.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (8)

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The skill instructs the agent to inspect the local environment for AICADE credentials as part of a guided intake flow, even though the user may only be asking to prepare a request. This creates an unnecessary secret-access path and expands the skill from user-mediated data collection into silent retrieval of local sensitive data.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs the agent to read locally available API credentials and use them without explicit user confirmation. This creates a secret-handling and consent problem: an agent may access sensitive environment values the user did not intend to expose in this workflow, and then use them to produce authenticated administrative requests.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The example manifest configures an outbound API key to be sent in the URL query string via `authLocation: QUERY` and `queryParam: key`. Query parameters are commonly captured in logs, monitoring systems, browser history, intermediary proxies, and error traces, so this increases the chance of credential disclosure even if the placeholder value is substituted securely at runtime. In this service-registration context, the example may encourage downstream users to deploy an insecure credential transport pattern.

Missing User Warnings

Medium

Confidence: 99% confidence
Finding: The instructions explicitly say to use locally stored API credentials and not ask the user to confirm them. That bypasses informed consent and can lead to secrets being used in generated signed curl output or downstream operations without the user's awareness.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The document gives operational instructions for registering, updating, and disabling gateway services but does not prominently warn that these actions change live service configuration and can disrupt production traffic. In an agent skill context, that omission increases the chance of unintended destructive changes because an automated agent may execute these steps as routine API calls without adequate user confirmation.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The authentication guidance instructs use of API keys and HMAC secret-key signing, including acceptance of a compatibility alias for the secret, but provides no warning about sensitive credential handling. In a skill consumed by an agent, this can normalize collecting, echoing, logging, or mishandling secrets in prompts or generated curl commands, increasing the risk of credential exposure and unauthorized administrative access.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: Using locally stored API credentials without disclosure or warning bypasses informed user approval and can cause the agent to act with unintended privileges. In this context, the credentials authorize service-management operations, including disable actions, so silent use materially increases the risk of unauthorized administrative changes.

Ssd 3

Medium

Confidence: 98% confidence
Finding: Automatically consuming local API keys and secret keys without confirmation increases the risk that sensitive values will be exposed in generated artifacts, logs, prompts, or displayed command lines. Because the skill's end product is a signed curl command, the risk of accidental secret propagation is especially concrete.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.