Back to skill

Security audit

LYGO Sovereign Super Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed advisor and command map for a LYGO stack workflow, with consent gates around the higher-impact actions it describes.

Install only if you intend to work with the LYGO protocol stack. Set LYGO_STACK_ROOT only to the intended stack checkout, review commands before running planter, publish, social, token, or git-credential flows, and require explicit consent for any mutation or external account action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs users and agents to set and rely on an environment variable (`LYGO_STACK_ROOT`) and to read local files such as `references/SECURITY.md`, registries under `docs/`, and other stack paths, but the metadata does not declare corresponding permissions. This creates a capability/permission mismatch that can mislead operators and security tooling, reducing visibility into what the skill can access and making it easier for a modified or downstream variant to read unintended local paths under the guise of normal operation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.