Back to skill

Security audit

LYGO Lattice Birth

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, purpose-aligned workflow for creating masked LYGO identity entries, with consent gates and privacy guidance around sensitive lineage data.

Install only if you intentionally use the LYGO protocol stack and trust the local LYGO_STACK_ROOT clone. Review birth JSON before submitting, keep consent_bundle and family_bind_salt out of public repositories and issues, and treat --i-consent actions as permanent public or steward-record writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill content includes shell commands, environment variable use (`LYGO_STACK_ROOT`), and filesystem read behavior, while the static finding indicates these capabilities are not declared through the expected permission model. Even though the markdown claims restrictive behavior such as 'no subprocess' and validated reads only, the documented workflow still instructs an agent to execute shell-like installation and Python commands, creating a mismatch that can lead to undeclared capability use and unsafe execution assumptions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
scripts/_stack_tools.py:31