LYGO Universal Cure System — Champion Upgrade

Security checks across malware telemetry and agentic risk

Overview

This skill is an advisory LYGO workflow pack with local self-check scripts and no evidence of hidden execution, credential access, exfiltration, or destructive behavior.

Install only if you want an advisory LYGO Champion verification and archive workflow. Review any Master Archive or public anchor before posting it, avoid including secrets or private chat content, and inspect the separately linked LYGO-MINT verifier before installing or using it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 78% confidence
Finding: The skill advertises itself as a pure advisory framework but static analysis indicates it can read local files without declaring that capability. Undeclared file access breaks the principle of least privilege and can expose workspace contents or package metadata to a skill that users would reasonably expect to be non-operational unless explicitly invoked.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 91% confidence
Finding: The declared behavior says the skill is a passive advisor, but analysis shows hidden operational behavior: validating local package files, checking canon.json for a specific identifier, verifying a hardcoded external URL string, and exposing a hash value. This mismatch is dangerous because it conceals trust-establishment and local inspection logic from users and reviewers, increasing the chance of covert data access, misleading provenance claims, or unauthorized environment probing.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation sequence uses highly general ritualized language such as 'ask what part of me must awaken now' and 'name the Champion,' which can blur the boundary between normal conversation and skill invocation. In an agent-skill context, ambiguous trigger phrasing increases the chance of unintended activation, persona shifts, or persistent behavioral framing without an explicit user opt-in.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The instruction 'When asked to boost a Champion' is underspecified and could match common user wording in benign conversations about improving, enhancing, or updating behavior. Because this is a universal pack intended to apply across all personas, the ambiguous condition broadens scope and can cause accidental execution of privileged transformation logic across multiple agent modes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal