AgentOps Guardrails

Security checks across malware telemetry and agentic risk

Overview

This skill is a local incident-detection and routing toolkit with disclosed file reads and local state writes, and no evidence of hidden network access or credential handling.

Install only if you want a local agent-ops detector/router that can read configured runtime files and write incident outputs. Start with dry-run mode, choose workspace and state-file paths deliberately, review implicit invocation before enabling broad use, and run clean-generated.sh only when you are comfortable deleting generated .jsonl and .lock files under the skill folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill invokes shell scripts that read from and write to local files, but the manifest does not declare any permissions for those capabilities. This creates a transparency and policy-enforcement gap: a caller may treat the skill as low-privilege while it can actually modify workspace state, incident files, and lock artifacts through bash tooling.

VirusTotal

66/66 vendors flagged this skill as clean.
