ClawHub

LYGO Champion: SANCORA — Unified Minds

Security checks across malware telemetry and agentic risk

Overview

This is a persona-style advisory skill with only disclosed, local package self-checking and no evidence of hidden data access or unsafe automation.

Install this only if you want the SANCORA persona and its opinionated advisory style. The local helper scripts appear limited to package verification, but treat the linked LYGO-MINT verifier as a separate external tool and avoid giving it secrets or private data unless you independently trust it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares itself as a passive persona helper, but its documented behavior requires reading local package files such as references/canon.json and verifier_usage.md. Undeclared file-read capability expands the skill's effective privilege surface and can mislead operators, making review and sandboxing less reliable.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill is presented as an advisory persona, but it also performs integrity checks, parses local metadata, validates a hardcoded external verifier reference, and emits a hash value from canon.json. This hidden operational behavior creates a trust gap: users may invoke what appears to be harmless guidance while actually triggering verification logic and disclosure of internal package metadata, which is especially risky in a persona-branded skill that encourages trust.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal