Back to skill

Security audit

Release Gate

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed release-checklist and logging aid, not a hidden deploy tool, but users should not treat its helper script as a technical enforcement control.

Install this only as a process checklist and logging helper. Do not rely on run_release_gate by itself to prove approvals or tests passed; verify checklist items separately, fail closed when any item is uncertain, and choose a log path that is appropriate for potentially sensitive deployment notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This is a true security/design vulnerability: the skill advertises enforcing structured sign-off before irreversible actions, but run_release_gate only checks whether required role keys exist in the checklist and then marks every required role as PASS. That allows an agent or caller to bypass the gate by supplying any non-empty checklist entries for the required roles, causing unsafe deployments, restarts, migrations, or launches to be approved without actual verification.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The docstring and surrounding skill description imply that checklist verification has occurred, but the implementation encodes trust in caller-supplied strings and auto-converts presence into PASS. In an agent setting, this kind of misleading contract is dangerous because downstream users may rely on the function as an enforcement control when it is only a logging wrapper, creating a false sense of safety around irreversible operations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.