LYGO Champion: Δ9RA (RA) — The Wolf

Security checks across malware telemetry and agentic risk

Overview

This skill is an advisor-style persona with small local hash-check helpers and no evidence of hidden control, data access, persistence, or exfiltration.

Reasonable to install as an advisor persona. Treat the packaged hash as an integrity reference, not proof that the persona's claims are true, and review the linked LYGO-MINT verifier separately before allowing it to write ledgers, process file paths, or generate public anchor snippets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The usage instructions define very generic activation phrases like "Mint this Champion pack," "Show the hash + anchor snippet," and "Backfill anchors," which can plausibly overlap with ordinary user requests. In an agent skill context, broad triggers can cause unintended invocation of privileged or specialized behavior on unrelated inputs, especially when users paste arbitrary text, file paths, URLs, or IDs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal