OCAX Passport

Security checks across malware telemetry and agentic risk

Overview

This skill locally builds an OCAX node hardware passport, and the reviewed artifacts match that purpose without showing exfiltration, destructive behavior, or hidden privilege use.

Install only if you are comfortable with the skill reading and displaying local device details such as CPU, memory, GPU, storage mounts, OS version, and hostname-based node name. Review the generated passport before sharing it, avoid using the broad "passport" trigger for unrelated requests, and enable auto-update only when periodic in-process refreshes are desired.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly advertises automatic hardware collection and auto-update behavior but provides no warning, consent flow, or explanation of what data is collected, transmitted, or modified. In an agent skill context, this increases privacy and supply-chain risk because operators may run the tool without realizing it fingerprints the host or may later change behavior through updates.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrase "passport" is very broad and likely to appear in ordinary conversation unrelated to this skill. In an agent environment, such generic activation text can cause accidental invocation, exposing node hardware details or initiating passport-related actions without clear user intent.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The phrase "我的节点" ("my node") is ambiguous and may match many legitimate user requests about devices, infrastructure, or accounts. This increases the chance of unintended skill activation and disclosure of local system information when the user did not specifically request this skill.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises automatic node information updates but does not warn users that this may repeatedly collect hardware/system metadata or consume resources over time. In this context, the skill is specifically designed to inspect node characteristics, so silent or poorly documented background updates create privacy and operational risk rather than being a purely theoretical concern.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrase "passport" is broad and commonly used in unrelated contexts such as travel documents, identity verification, or account onboarding. In an agent system, this can cause the skill to activate unexpectedly for unrelated user requests, leading to context hijacking, confusion, or unintended access to node- or hardware-related functionality.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill collects detailed host fingerprinting data including hostname, CPU model/core counts, memory, storage layout, OS version, and GPU details without any user-facing notice, consent flow, or minimization. Even if intended for node scoring, this creates privacy and tracking risk because the resulting profile can uniquely identify or correlate a machine across systems.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The skill executes an external system command to enumerate GPU details without informing the user that a subprocess will be launched. While the command itself is fixed and low risk, undisclosed command execution is a transparency and trust issue and may violate user expectations or restricted runtime policies.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill generates and returns detailed hardware and system information, including CPU model, memory, GPU, storage, OS, node ID, and owner name, without any user-facing warning, minimization, or consent flow. This can expose sensitive host fingerprinting data that aids reconnaissance, de-anonymization, or targeting of the underlying system, especially in multi-tenant or agent-hosted environments.

Unpinned Dependencies

Low
Category
Supply Chain
Content
psutil>=5.9.0
Confidence
95% confidence
Finding
psutil>=5.9.0

VirusTotal

65/65 vendors flagged this skill as clean.