Agent Passport
Security checks across malware telemetry and agentic risk
Overview
This is a documentation-only skill for calling a disclosed external agent-identity API, with no hidden code, persistence, or credential harvesting found.
Reasonable to install based on the available evidence. Before using it, be aware that the examples contact an external service, create an API key, and some verification endpoints are labeled as paid; only submit agent information you intend to register and keep any returned API key private.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.