Back to skill

Security audit

LYGO Sovereign Workflow Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local workflow-orchestration helper, with notable but opt-in risks around third-party upstream mode and user-approved workflow execution.

Install only if you trust the LYGO stack you point it at. Keep the default dry-run mode for first use, validate untrusted YAML before running it, do not put secrets in public workflow files, and enable `sandcastle-ai`, Docker/Podman execution, or the kernel planter only after explicit review and consent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises operational commands that read local files and explicitly instructs the model/operator to read `references/SECURITY.md`, yet it does not declare corresponding permissions. Undeclared file-read capability weakens user consent and transparency, making it easier for a skill to access local content without clear review of that access scope.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The skill mentions an optional upstream mode (`pip install sandcastle-ai` with `LYGO_SANDCASTLE_USE_UPSTREAM=yes`) that changes behavior based on externally installed code, but the warning is limited to vague 'user trust required' language. This is dangerous because it can lead users to enable execution paths backed by third-party code without a clear statement of supply-chain, network, and arbitrary code execution risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.