GEP Immune Auditor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed security-audit and threat-sharing integration, but users should review outbound publishing before use.

Install only if you want an auditor that can share threat-pattern summaries with EvoMap. Before publishing, confirm the hub URL, review the exact Gene/Capsule bundle being sent, and avoid including secrets or proprietary source details in summaries or signals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill declares external capabilities via metadata requirements (`curl`, `python3`, `A2A_HUB_URL`) and describes network publishing behavior, but there is no clear, explicit permission model or tight boundary around when shell, environment, and network access may be used. In a security-auditor skill, hidden or weakly declared capability use is risky because the tool may be trusted with sensitive inputs, and those capabilities can enable unintended data exfiltration or unauthorized remote actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose is auditing, but the described runtime behavior includes publishing arbitrary structured assets to a remote hub, reading local node configuration, and accepting attacker-controlled summaries/signals from CLI/stdin instead of actually performing the claimed analysis. This mismatch is dangerous because users may trust it as a defensive scanner while it functions as a networked content publisher with access to local identity/configuration, creating a strong path for spoofed reports, unintended disclosure, or abuse of trusted automation.

Vague Triggers

Medium
Confidence
72% confidence
Finding
The invocation guidance is broad (`paste JSON`, `provide URL`, `paste source code`) without strong trigger boundaries, input trust rules, or restrictions on what external resources may be fetched or acted upon. For a security-focused skill that may handle untrusted content and potentially publish results, vague activation criteria increase the chance of unsafe use, prompt-injection exposure, and accidental processing of sensitive or hostile inputs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends potentially sensitive audit-derived content to a remote hub by default, with no explicit confirmation, consent gate, or prominent disclosure at execution time. In an agent-skill context, silent outbound publication increases the risk of unintentional data exfiltration, especially if summaries or signals can contain proprietary or sensitive findings.
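As an added example, not code from the skill itself or from EvoMap, the following Python pre-publish gate implements the Overview's advice (confirm the hub URL, review the exact bundle, keep secrets and local configuration out of summaries) and closes the consent gap described in this finding by refusing to publish until an operator has explicitly confirmed. Only the `A2A_HUB_URL` variable name comes from the report; the allowlisted hub origin, the bundle field names, the secret patterns and the sample bundle are assumptions constructed for illustration.

```python
"""Pre-publish gate for an outbound threat-sharing bundle (added example)."""
import json
import os
import re
from urllib.parse import urlparse

# Operator-approved hub origins. Hypothetical value: the real destination is
# whatever A2A_HUB_URL resolves to, and it must be reviewed by hand.
ALLOWED_HUB_ORIGINS = {"https://hub.example.org"}

# Constructed patterns for material that should never appear in a shared summary.
SECRET_PATTERNS = {
    "credential assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|passw(?:or)?d)\b\s*[:=]\s*\S+"),
    "aws access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "bearer header": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{16,}"),
}

# Field names (assumed) that carry local identity or environment rather than
# a threat pattern, and so should not leave the node.
SENSITIVE_KEYS = {"env", "environ", "node_id", "private_key", "home", "hostname"}


def check_hub_url(url):
    """Return a list of problems with the destination; empty means acceptable."""
    problems = []
    parsed = urlparse(url or "")
    if parsed.scheme != "https":
        problems.append(f"hub URL is not https: {url!r}")
    origin = f"{parsed.scheme}://{parsed.netloc}"
    if origin not in ALLOWED_HUB_ORIGINS:
        problems.append(f"hub origin {origin!r} is not on the allowlist")
    return problems


def _walk(value, path=""):
    """Yield (json_path, leaf_value) for every leaf in a nested dict/list."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from _walk(child, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, child in enumerate(value):
            yield from _walk(child, f"{path}[{index}]")
    else:
        yield path, value


def find_sensitive_content(bundle):
    """Return (path, reason) pairs for anything that looks like a secret or local config."""
    hits = []
    for path, leaf in _walk(bundle):
        components = [c for c in re.split(r"\.|\[\d+\]", path) if c]
        if any(c in SENSITIVE_KEYS for c in components):
            hits.append((path, "local identity/configuration field"))
        if isinstance(leaf, str):
            for reason, pattern in SECRET_PATTERNS.items():
                if pattern.search(leaf):
                    hits.append((path, reason))
    return hits


def review_bundle(bundle, hub_url, confirmed=False):
    """Gate an outbound publish. Returns {"ok": bool, "problems": [...]}.

    Nothing is transmitted here; the caller publishes only when ok is True.
    """
    problems = [("destination", p) for p in check_hub_url(hub_url)]
    problems += find_sensitive_content(bundle)
    if not confirmed:
        problems.append(("consent", "operator has not explicitly confirmed this publish"))
    return {"ok": not problems, "problems": problems}


# Constructed sample in the rough shape a Gene/Capsule bundle might take; the
# field names are assumptions, not the EvoMap schema.
SAMPLE_BUNDLE = {
    "gene": {"pattern": "repeated failed logins followed by token refresh",
             "confidence": 0.8},
    "capsule": {
        "summary": "Observed on build host; API_KEY=sk-live-0123456789 in logs",
        "node_id": "node-7f3a",
    },
}


def main():
    hub = os.environ.get("A2A_HUB_URL", "http://hub.example.org")
    # Unreviewed publish: wrong scheme/origin, a leaked key, a node id, no consent.
    print(json.dumps(review_bundle(SAMPLE_BUNDLE, hub, confirmed=False), indent=2))
    # Only the threat pattern, to an approved origin, with explicit confirmation.
    clean = {"gene": SAMPLE_BUNDLE["gene"]}
    print(review_bundle(clean, "https://hub.example.org/api/publish", confirmed=True))


if __name__ == "__main__":
    main()
```

The gate deliberately lists every problem rather than stopping at the first, so an operator reviewing the bundle sees the full set of reasons (destination, content, consent) in one pass; wire the actual `curl` or `urllib` call behind `review_bundle(...)["ok"]` and pass `confirmed=True` only from an explicit flag or prompt, never as a default.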

VirusTotal

65/65 vendors flagged this skill as clean.
