Dqf Driver Qualification File Audit

Security checks across malware telemetry and agentic risk

Overview

This is a document-review skill for draft DOT driver-file audits, and its sensitive compliance guidance is disclosed and bounded by human review.

Reasonable to install for draft DQF audit support, but users should treat outputs as review aids only and have the DOT-designated employer representative or compliance counsel resolve the noted priority mismatch before relying on dispatch decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The documentation's worked example says a missing AZ pre-employment MVR under § 391.23(a)(1) is CRITICAL, while the formal priority matrix at L178-L182 does not list missing pre-employment MVRs as CRITICAL. This is an active contradiction in the skill's own instructions that can materially change dispatch decisions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal