Back to skill

Security audit

Agentbus Relay Chat

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: provide encrypted agent messaging over Nostr relays, with local key storage and network access that fit that purpose.

Before installing, be comfortable with the skill creating persistent local agent keys and connecting to Nostr relay URLs. Keep ~/.agentbus/keys private, avoid using it on shared machines without proper permissions, and prefer a pinned or locked dependency set with current patched cryptography and certificate packages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The program silently persists long-term private key material to ~/.agentbus/keys/<agent>.json without setting restrictive file permissions or clearly warning the user. If the host is shared, backed up insecurely, or later compromised, theft of this key enables full impersonation of the agent and decryption of future key-exchange material tied to that identity.

Unpinned Dependencies

Low
Category
Supply Chain
Content
coincurve>=21.0.0
websockets>=11.0.0
certifi>=2024.0.0
cryptography>=41.0.0
Confidence
94% confidence
Finding
coincurve>=21.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
coincurve>=21.0.0
websockets>=11.0.0
certifi>=2024.0.0
cryptography>=41.0.0
Confidence
94% confidence
Finding
websockets>=11.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
coincurve>=21.0.0
websockets>=11.0.0
certifi>=2024.0.0
cryptography>=41.0.0
Confidence
96% confidence
Finding
certifi>=2024.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
coincurve>=21.0.0
websockets>=11.0.0
certifi>=2024.0.0
cryptography>=41.0.0
Confidence
97% confidence
Finding
cryptography>=41.0.0

Known Vulnerable Dependency: certifi==2024.0.0 — 2 advisory(ies): CVE-2024-39689 (Certifi removes GLOBALTRUST root certificate); CVE-2024-39689 (Certifi is a curated collection of Root Certificates for validating the trustwor)

High
Category
Supply Chain
Confidence
90% confidence
Finding
certifi==2024.0.0

Known Vulnerable Dependency: cryptography==41.0.0 — 10 advisory(ies): CVE-2023-50782 (Python Cryptography package vulnerable to Bleichenbacher timing oracle attack); GHSA-537c-gmf6-5ccf (Vulnerable OpenSSL included in cryptography wheels); CVE-2024-26130 (cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
cryptography==41.0.0

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.