Agent Security Auditor

Security checks across malware telemetry and agentic risk

Overview

This skill is a user-run ERC-8004 audit tool whose network calls and optional report output match its stated security-auditing purpose.

Install only if you are comfortable with a CLI tool contacting an Ethereum RPC endpoint and agent-controlled metadata URLs. Use a trusted or dedicated RPC URL for sensitive audits, avoid sharing terminal logs if your RPC URL contains an API key, and be aware that unusual lookups may consume RPC quota.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 93% confidence
Finding: The skill instructs users to supply a custom RPC URL but does not warn that RPC providers can observe queried agent addresses, timestamps, and related usage metadata. While this does not directly compromise keys or execute unsafe actions, it can leak sensitive operational or investigative patterns to third-party infrastructure, especially in a security-auditing context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal