
Security audit

EVEZ Oracle Bridge

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine EVEZ/Vultr LLM bridge, but it exposes unauthenticated network endpoints that can trigger local services and persist or mutate local state.

Install only if you intend to run a network-accessible EVEZ bridge and can restrict it to a trusted interface, preferably localhost or behind authentication. Provide a Vultr API key scoped to the minimum the bridge needs, avoid sending secrets in prompts, and do not expose port 9110 to untrusted networks unless the mutation endpoints are protected or removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86%
Finding
The skill advertises networked API routing and external service integration, while static analysis indicates that env, file read/write, and network capabilities are present without any declared permissions. This creates a transparency and trust problem: users may invoke a skill that can access local resources or secrets beyond what its manifest communicates, increasing the risk of unintended data exposure or unauthorized outbound requests.

Description-Behavior Mismatch

Medium
Confidence
95%
Finding
The bridge exposes a broad set of local EVEZ-OS service endpoints, including status and control surfaces, even though the stated purpose is routing LLM calls through a Vultr oracle. This expands the attack surface substantially and can let any network client interact with internal subsystems that were likely intended to remain localhost-only or separately authenticated.

Context-Inappropriate Capability

High
Confidence
98%
Finding
The code exposes write/control operations such as /api/learn, /api/forge, /api/debate, and /api/cycle without any authentication, authorization, or validation. An external caller can trigger state changes in internal services, poison knowledge data, induce expensive processing, or manipulate local automation components through a publicly bound bridge.

Missing User Warnings

Medium
Confidence
86%
Finding
User-supplied prompts and system content are forwarded to an external inference provider, but this file provides no user-facing disclosure, consent mechanism, or data handling safeguards. In a bridge context, this can cause unintended leakage of sensitive prompts, secrets, or personal data to a third-party service.
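One data-handling safeguard this finding says is missing, as an added example that is not taken from the bridge: a pre-forwarding scrub that redacts credential-shaped strings from prompt and system content, or refuses the request outright, before anything leaves for the external provider. The patterns, labels, message shape and sample prompt are constructed for illustration and are not derived from the bridge; tune the patterns to the credentials your deployment actually handles.

```python
import re
from typing import Dict, List, Tuple

# (label, pattern, group to redact or None for the whole match). Constructed examples.
SECRET_PATTERNS = [
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), None),
    ("private_key_block",
     re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
     None),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._~+/=-]{16,})"), 1),
    ("keyed_secret",
     re.compile(r"""(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['"]?([A-Za-z0-9._~+/=-]{8,})"""),
     2),
]


def _replace_group(match: "re.Match", group, label: str) -> str:
    """Replace only the captured group (or the whole match) with a redaction marker,
    keeping surrounding text such as 'password=' so the prompt stays readable."""
    whole = match.group(0)
    if group is None:
        return f"[REDACTED:{label}]"
    rel_start = match.start(group) - match.start()
    rel_end = match.end(group) - match.start()
    return whole[:rel_start] + f"[REDACTED:{label}]" + whole[rel_end:]


def redact_secrets(text: str) -> Tuple[str, List[str]]:
    """Return the scrubbed text and the labels of everything that was redacted."""
    hits: List[str] = []
    for label, pattern, group in SECRET_PATTERNS:
        def repl(m, label=label, group=group):
            hits.append(label)
            return _replace_group(m, group, label)
        text = pattern.sub(repl, text)
    return text, hits


def prepare_messages(messages: List[Dict[str, str]], mode: str = "redact"):
    """Scrub every message before it is forwarded. mode='redact' strips and logs;
    mode='block' refuses the whole request if any credential shape was found."""
    scrubbed, found = [], []
    for msg in messages:
        content, hits = redact_secrets(msg.get("content", ""))
        found.extend(hits)
        scrubbed.append({**msg, "content": content})
    if mode == "block" and found:
        raise ValueError("refusing to forward: secrets detected: " + ", ".join(sorted(set(found))))
    return scrubbed, found


# Constructed sample prompt containing a documented AWS example key, a JWT-shaped bearer
# token and a password assignment; none of these are real credentials.
SAMPLE_PROMPT = (
    "Use key AKIAIOSFODNN7EXAMPLE to list my buckets. "
    "Headers: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc.def ; "
    "also password=hunter2hunter2 for the admin user."
)

if __name__ == "__main__":
    cleaned, found = prepare_messages([{"role": "user", "content": SAMPLE_PROMPT}])
    print(found)
    print(cleaned[0]["content"])
```

Redaction keeps the key name (`password=`) and replaces only the value, so the model still sees the structure of the request, while the returned labels give the bridge something to log or surface to the user as the disclosure this finding asks for. Running in `block` mode is the safer default when the bridge cannot tell who is on the other end of port 9110.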

VirusTotal

None of the 66 VirusTotal vendors flagged this skill (66/66 clean).

Static analysis

No suspicious patterns detected.