AOTrust — PDR Notarization

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a purpose-aligned notarization helper, with the main caution that it sends verification and payment-related metadata to AOTrust.

Before installing, confirm you are comfortable sending notarization hashes, payment or wallet/account details, and verification metadata to AOTrust. Avoid notarizing sensitive raw outputs or metadata that could reveal confidential business context through linkage, even if only hashes are submitted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The skill directs agents to transmit work-derived hashes, payment details, wallet/account information, and verification metadata to a third-party service, but it does not clearly warn users that these artifacts may reveal task linkage, financial activity, or sensitive business context. In a notarization workflow, external transmission is expected, but the missing privacy/data-sharing disclosure can cause users or downstream agents to expose sensitive metadata without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal