Geo Audit Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed XanLens audit helper with some wording and content-policy cautions, but no evidence of hidden execution, persistence, credential use, or automatic publishing.

Install only if you are comfortable sending a website URL and optional coupon to XanLens and manually approving any payment. Review any generated content for truthfulness, attribution, and platform rules before publishing, and do not treat the fixes endpoint as permission for automatic posting or website changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium, 94% confidence
Finding
The skill is presented as an audit/recommendation tool, but it also exposes a write-capable fixes endpoint that can push drafted content. Even though the text says not to auto-apply changes, documenting a content-pushing API in the same skill expands the attack surface and can mislead an agent or integrator into treating the skill as read-only when it is not.

Intent-Code Divergence

High, 98% confidence
Finding
The file explicitly claims the skill is read-only, yet later advertises a POST endpoint for pushing drafted content. This contradiction is dangerous because downstream agents, reviewers, or policy systems may rely on the read-only claim and grant the skill more trust than warranted, enabling unintended modification or publishing actions.

Ssd 4

Medium, 96% confidence
Finding
The document explicitly instructs generated content to 'pass as human-written' and avoid signals of AI authorship, which is a deception pattern rather than normal editorial guidance. In an agent skill context, this can be used to help mass-produce content that conceals machine generation, evades disclosure norms, and bypasses moderation or authenticity checks on third-party platforms.

VirusTotal

66/66 vendors flagged this skill as clean.
