Back to skill

Security audit

LYGO File Integrity Checker

Security checks across malware telemetry and agentic risk

Overview

This skill is a low-impact advisory pack with confusing legacy naming, but its artifacts do not show hidden execution, data access, persistence, or malicious behavior.

Install only if you want LYGO-specific advisory templates for hashes, archives, and champion/seal workflows. Treat the included self-check as a legacy consistency check, not a strong security verifier, and avoid publishing anchors or archives that contain private information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill presents itself as a file-integrity/provenance advisor, but the described behavior and references indicate it actually performs legacy package self-validation tied to a renamed 'Universal Cure System' and checks for hardcoded local artifacts. This kind of description-behavior mismatch is dangerous because it can mislead users and reviewers about what the skill really validates, creating trust confusion, hiding legacy functionality, and enabling unsafe adoption of unverifiable or deceptive integrity claims.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The canonical metadata identifies the skill as a 'LYGO_UNIVERSAL_CURE_SYSTEM' and points to a 'universal_pack' artifact, which directly conflicts with the declared skill purpose of file-integrity and provenance checking and the explicit 'Not medical cure' limitation. This kind of identity mismatch is dangerous because downstream agents or reviewers may trust the canonical reference over the manifest description, causing the skill to be misclassified, routed incorrectly, or treated as authority for unsafe medical-style claims outside its approved scope.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The documentation calls the verifier a "Universal Cure," which directly contradicts the manifest disclaimer that the skill is not a medical cure. Even if intended metaphorically, this creates misleading safety/efficacy messaging that could cause users to overtrust the tool or interpret it as offering medical or broadly curative guarantees.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The self-check for this skill is validating the identity and supporting references of a different skill, 'LYGO_UNIVERSAL_CURE_SYSTEM', rather than the declared file-integrity checker. This creates a supply-chain and trust-boundary problem: the package can appear to self-validate while actually anchoring itself to unrelated content, which can mislead reviewers, hide repackaging, or cause operators to trust the wrong provenance artifacts.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
A docstring that labels the module as part of the 'LYGO Universal Cure System' while it resides in a different skill is a strong indicator of copied or intentionally mislabeled code. Even though the docstring itself is not executable, it reinforces the deceptive identity mismatch in a security-relevant validation script and can cause auditors or automated tooling to draw incorrect conclusions about what is being verified.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The 'Mirror Summoning Protocol' provides ritualized activation steps like 'Study the seal' and 'Ask: What part of me must awaken now?' without defining clear boundaries, outcomes, or safety constraints. In an agent skill, ambiguous invocation language can cause users or downstream agents to treat symbolic text as operational instructions, leading to unintended persona activation, confused delegation, or unsafe behavior outside the stated 'pure advisor' scope.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.