Atoship

Security checks across malware telemetry and agentic risk

Overview

Atoship is mostly transparent and purpose-aligned, but it incorrectly treats remote order creation as a read-only action that can run without confirmation.

Review this skill before installing. Use a test key or small wallet balance, keep the API key private, and require explicit confirmation not only for label purchases and voids but also before creating orders or any other remote state-changing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The skill explicitly classifies `create_order` as a read-only action that is safe to call without confirmation, but the API reference defines it as a `POST /api/v1/orders` operation that creates state on the remote service. Mislabeling a state-changing endpoint as read-only can cause an agent to autonomously create orders without user consent, leading to unintended transactions, workflow triggers, or downstream billing/logistics effects.

VirusTotal

66/66 vendors flagged this skill as clean.