agent-card-signing-auditor
Security checks across malware telemetry and agentic risk
Overview
This is a narrowly scoped auditing skill that tells an agent how to review Agent Card signing metadata and does not include hidden code, persistence, credential use, or destructive behavior.
Reasonable to install for Agent Card signing audits. When using URL input, provide only endpoints you intentionally want the agent to contact; use direct JSON input or snapshots if you do not want outbound fetching.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.