Back to skill

Security audit

Cargo Quickstart

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Cargo CLI quickstart that spends a small capped amount to pull demo leads and only creates a recurring workflow after the user says yes.

Install this only if you are comfortable using Cargo and connected lead providers to retrieve prospect data and spend credits. Be aware that demo lead output is temporarily written under /tmp, and only agree to the weekly play if you want an ongoing automated workflow that may continue using provider data and credits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to convert a one-time demo into a recurring automated play, which expands scope from a transient preview into persistent operational automation. That can cause ongoing data collection, repeated charges, and continued processing without a fresh user confirmation on each run, making mistakes or overbroad searches persist over time.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill writes run metadata and downloaded lead output into predictable files under /tmp, which may contain personal or commercially sensitive prospect data. Temporary directories are often accessible to other local processes or retained longer than expected, so this creates unnecessary data exposure and weakens data minimization practices.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- **No discovery detours.** Do not run `cargo-ai --version`, `cargo-ai whoami`, `connection connector list`, or any exploratory command first. Auth problems will surface as errors on the first real call — handle them then.
- **One command block per step**, no narration between commands.
- **Paid work is capped at ~1 credit total.** The demo uses the cheapest sourcing action in the catalog (`salesNavigator.searchLeads`, 0.02/record → 25 records ≈ 0.5 credits). Nothing else paid runs without asking.
- **Never dead-end.** Every step has a fallback (ladder below). If a rung fails, drop one rung silently and keep moving.

## Fast path
Confidence
81% confidence
Finding
without asking

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.