Security audit

Sardis Cards

Security checks across malware telemetry and agentic risk

Overview

This is a real payment-card management skill, but it gives an agent broad financial authority and access to full card credentials without clear approval gates.

Install only if you trust Sardis and intentionally want an agent to manage payment cards. Use the narrowest API key available, enforce hard spend limits and merchant allowlists outside the agent, and require manual confirmation before revealing card details, creating cards, unfreezing cards, raising limits, or deleting cards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The documented security model says full card numbers must never be exposed in responses, yet the skill documents a `/reveal` endpoint that returns full PAN and CVV. This contradiction is dangerous because it normalizes retrieval of live payment credentials in an agent-facing workflow, increasing the chance of leakage through logs, model context, transcripts, or downstream tooling.

Missing User Warnings

Medium
Confidence: 95%
Finding
The example response includes a full card number and CVV in plaintext, which is highly sensitive payment data. Even if illustrative, embedding such examples in a skill can encourage unsafe handling patterns and may cause agents or operators to treat PAN/CVV as normal output that can be displayed, logged, or retained.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.