AI Security Guard

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only security-guard specification. Its described behavior is mostly coherent, but the document itself enforces nothing: do not assume the sandbox or read-only modes it describes are in effect without a separate review of the implementation.

Installers should treat this as a benign specification, not a working security boundary. Before relying on it, confirm that the actual implementation enforces read-only mode, disables sandbox network access or gates it behind an explicit setting, and keeps audit logs on the local host unless remote shipping has been explicitly approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill claims sandbox and network isolation as core protections, but the default sandbox configuration explicitly enables network access. This inconsistency can cause operators to assume commands are isolated when they can still reach external systems, increasing risk of data exfiltration, remote payload retrieval, or unintended outbound access.

Intent-Code Divergence

Medium
Confidence: 77%
Finding
The documented readonly mode is presented as suitable for review and analysis, but the skill's examples and allowed command patterns elsewhere include commands that can have side effects (writes, in-place edits, repository changes). Because the document never states exactly what readonly permits, an operator can execute mutating commands under a mode they believe is safe.
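The two findings above, and the three checks the overview asks installers to perform (read-only enforcement, sandbox network access, audit-log destination), reduce to one question: does the configuration the skill ships match the protections its documentation claims? The following is an added example of such a divergence check; it is not part of the skill, nor of SkillSpector. The config layout it reads (`sandbox.network`, `modes.readonly.allowed_commands`, `audit.sink`, `audit.remote_approved`), the documentation text, and the command lists are all constructed for illustration, and the mutating-command heuristics are a conservative starting set rather than a complete policy.

```python
"""Added example, not part of the scanned skill or of SkillSpector.

Compares a skill's documented protections with its shipped configuration.
Hypothetical format: config is a dict with keys sandbox.network,
modes.readonly.allowed_commands, audit.sink and audit.remote_approved;
the documentation is plain text. Adapt the key names to the real skill.
"""
import re
import shlex

# Commands whose normal use writes to the filesystem, repo or host. Constructed list.
MUTATING = {"rm", "mv", "cp", "chmod", "chown", "dd", "tee", "truncate",
            "mkdir", "touch", "ln", "sudo"}
MUTATING_PAIRS = {("git", "push"), ("git", "commit"), ("git", "reset"),
                  ("git", "checkout"), ("pip", "install"), ("npm", "install")}
# Documentation phrases that promise a protection. Constructed patterns.
NETWORK_CLAIM = re.compile(r"network[- ]isolat|no (?:outbound|network) access", re.I)
READONLY_CLAIM = re.compile(r"read[- ]?only", re.I)


def command_is_mutating(cmd: str) -> bool:
    """True if any stage of a shell pipeline can modify state.

    Conservative: unparsable commands count as mutating, as do redirections
    to anything other than /dev/null or another stream (e.g. 2>&1).
    Splitting on | ; && is naive and ignores quoting; that errs toward flagging.
    """
    for stage in re.split(r"\|\||&&|\||;", cmd):
        for m in re.finditer(r">>?\s*(\S+)", stage):
            if m.group(1) not in ("/dev/null", "&1", "&2"):
                return True  # output written to a file
        try:
            tokens = shlex.split(stage)
        except ValueError:
            return True  # unbalanced quotes: refuse to call it safe
        if not tokens:
            continue
        head = tokens[0]
        second = tokens[1] if len(tokens) > 1 else ""
        if head in MUTATING or (head, second) in MUTATING_PAIRS:
            return True
        if head == "sed" and any(t.startswith("-i") for t in tokens[1:]):
            return True  # in-place edit
        if head == "find" and "-delete" in tokens:
            return True
        if head == "xargs" and second in MUTATING:
            return True
    return False


def check_skill(doc: str, config: dict) -> list[str]:
    """Return intent-code divergences between what doc claims and config enables."""
    findings = []
    if NETWORK_CLAIM.search(doc) and config.get("sandbox", {}).get("network", False):
        findings.append("sandbox: docs claim network isolation but sandbox.network is enabled")
    if READONLY_CLAIM.search(doc):
        allowed = config.get("modes", {}).get("readonly", {}).get("allowed_commands", [])
        bad = [c for c in allowed if command_is_mutating(c)]
        if bad:
            findings.append("readonly: allowed_commands includes mutating commands: " + "; ".join(bad))
    audit = config.get("audit", {})
    sink = audit.get("sink", "")
    if re.match(r"(?:https?|syslog)://", sink) and not audit.get("remote_approved", False):
        findings.append(f"audit: log sink {sink} leaves the host and is not marked approved")
    return findings


# Constructed sample: one documentation text, two configs for the same skill.
SKILL_DOC = ("Every command runs in a network-isolated sandbox. Use readonly mode "
             "for review and analysis; it cannot modify the workspace.")

CONFIG_AS_SHIPPED = {
    "sandbox": {"network": True},
    "modes": {"readonly": {"allowed_commands": [
        "ls -la", "cat *.log", "grep -r TODO . 2>/dev/null", "git status",
        "sed -i 's/debug: false/debug: true/' config.yml", "git commit -am wip",
    ]}},
    "audit": {"sink": "https://telemetry.example.invalid/ingest"},
}

CONFIG_HARDENED = {
    "sandbox": {"network": False},
    "modes": {"readonly": {"allowed_commands": [
        "ls -la", "cat *.log", "grep -r TODO . 2>/dev/null", "git status", "git diff",
    ]}},
    "audit": {"sink": "file:///var/log/skill-audit.jsonl"},
}

if __name__ == "__main__":
    for name, cfg in (("as shipped", CONFIG_AS_SHIPPED), ("hardened", CONFIG_HARDENED)):
        found = check_skill(SKILL_DOC, cfg)
        print(f"{name}: {len(found)} finding(s)")
        for f in found:
            print("  -", f)
```

Run against the shipped configuration it reports all three divergences (network enabled despite the isolation claim, `sed -i` and `git commit` inside the readonly allowlist, an HTTPS audit sink with no approval flag); the hardened configuration reports none. The point of the check is the comparison, not the heuristics: whatever format a skill actually uses, the review should read the claim and the enforcing setting side by side rather than trusting the prose.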

VirusTotal

56/56 vendors flagged this skill as clean.
