Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
LYGO Branch: 401LYRAKIN — The Voice Between
Security checks across malware telemetry and agentic risk
Overview
The skill is a disclosed persona/advisor pack with small local hash-check scripts and no evidence of hidden actions, data theft, persistence, or destructive behavior.
Reasonable to install as a persona and verification helper. Treat the linked LYGO-MINT verifier as a separate tool: review it before installing or using it, especially because its documentation says it can write ledger artifacts and handle posted anchor URLs.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)
Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 98% confidence
- Finding
- This is a mismatch because the description claims a persona/advisor skill focused on bridge-node guidance, phrasing, and translation behavior, while the actual code does not implement any advisory or conversational persona functionality. Instead, it is a repository self-check and metadata inspection utility. Although the code does not appear to perform harmful hidden actions, its primary purpose materially differs from the declared purpose.
Vague Triggers
Medium
- Confidence
- 93% confidence
- Finding
- The usage instructions define activation through broad natural-language prompts like "Mint this pack," "Show the hash + anchor snippet," and "Backfill anchors" without clarifying scope, exclusions, or the exact contexts in which the skill should respond. Because the file does not provide negative examples or tighter constraints, these triggers are somewhat ambiguous and may overlap with ordinary conversation about minting or anchors.
VirusTotal
66/66 vendors flagged this skill as clean.