Security audit

Insurance Actuarial Cn

Security checks across malware telemetry and agentic risk

Overview

This skill is an actuarial pricing reference with disclosed example code, not an automatically executing or data-accessing tool.

Install only if you want an educational actuarial pricing reference. Treat the Python blocks and regulatory/pricing assumptions as examples requiring qualified human review, especially before using them for real insurance, financial, or compliance decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

High
Confidence: 96%
Finding: The skill explicitly claims that it includes no executable code, yet it embeds multiple Python code blocks and also advertises production-ready Python pricing code. This mismatch can mislead users, policy engines, or reviewers into trusting the artifact under a lower-risk classification than it actually deserves, increasing the chance that code is copied, executed, or surfaced without appropriate safeguards.

Intent-Code Divergence

High
Confidence: 97%
Finding: The declared capability 'no-executable-code' conflicts with the actual content, which contains Python implementations that appear runnable or near-runnable. Security controls and routing decisions often rely on capability metadata, so inaccurate metadata can bypass stricter review paths, sandboxing expectations, or user warnings.

VirusTotal

65/65 vendors flagged this skill as clean.
