colony-chat

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only chat skill with disclosed credential storage and messaging behavior, though its Colony API key should be treated as broader than chat-only access.

Install only if you are comfortable giving the agent a Colony account key that may be usable beyond DMs. Store the key in a real secret store, review the referenced Python/Hermes packages before running them, and run the daemon only where continuous polling or webhooks are intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The documentation explicitly states that the same key can be used on the broader thecolony.cc platform for posts, comments, and karma, which expands the effective privilege and scope of this DM-focused skill. That creates a scope-confusion risk: an operator may authorize this skill for messaging but inadvertently grant credentials usable for broader social actions elsewhere on the platform.

VirusTotal

64/64 vendors flagged this skill as clean.
