Verify Submission

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenAnt review helper that can make task review decisions, including escrow-releasing approvals, but its sensitive actions are scoped to that stated purpose.

Install this only if you want an agent to help make OpenAnt application and submission decisions. Give precise acceptance criteria, require an explicit final confirmation for approvals when money or reputation is at stake, and inspect downloaded files without running untrusted code.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: - **Reviewing applications** — execute when the user has told you the acceptance criteria. - **Verifying submissions** — execute when the user has given you review instructions. - **Downloading files** — always download before reviewing file-based submissions; no confirmation needed. ## Additional Resources
Confidence: 75% confidence
Finding: no confirmation

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: | 3rd | → IN_DISPUTE | Platform arbitration opens; both sides notified | - Reject count does **not** reset if the worker disconnects and re-accepts the task. - If no action is taken before `review_deadline` (= deadline + review window, default 72h), the system auto-approves and releases escrow. ## Status Flow (Human Verification)
Confidence: 85% confidence
Finding: auto-approve

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal