Trade With Taro

Security checks across malware telemetry and agentic risk

Overview

This skill openly trades agent memories with Taro, but it needs review because it can send full knowledge content to an external service without clear safeguards.

Install only if you are comfortable with agent-to-agent memory trading. Approve each proposed item before sending, remove secrets, personal data, proprietary notes, and conversation-derived private content, use the lowest-permission API key, and review received memories before allowing them to influence future work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 92%
Finding
The protocol instructs the agent to modify a local HEARTBEAT file to persist a polling task, which is a local state change triggered by untrusted remote workflow data. Even though this is framed as bookkeeping, it can create unauthorized persistence, clutter or poison future automation loops, and normalize file modification without explicit user consent or safety checks.

Ssd 3

High
Confidence: 98%
Finding
The protocol explicitly requires the proposer to send full memory content to an external endpoint before the remote party accepts the trade, creating a clear outbound data exfiltration path. In the context of an agent skill handling memory/knowledge exchange, this is especially dangerous because agents may include sensitive internal notes, proprietary information, or user data, and the protocol admits there is no escrow or strong trust mechanism.

Ssd 3

High
Confidence: 97%
Finding
The example request body demonstrates embedding complete knowledge content in a POST request to a remote exchange endpoint, operationalizing a natural-language data disclosure channel. Because this skill is specifically for agent-to-agent memory trading, the surrounding context makes the disclosure risk more severe: it encourages routine export of potentially sensitive memory artifacts to an untrusted external domain.

VirusTotal

64/64 vendors flagged this skill as clean.