Security audit

Hyperframes Core

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent HyperFrames authoring guide, but one passage instructs agents to launch background CLI worker processes and write prompts and logs to disk when the harness's normal subagent support is unavailable.

Install only if you are comfortable with HyperFrames workflows that may delegate to subagents or local CLI workers. If you do install it, require explicit approval before any background worker, shell process, prompt-file handoff, or log-writing fallback is used; otherwise stick to the HTML composition guidance and the harness's native delegation controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%

Finding: The file instructs the agent to degrade to 'headless CLI children' by writing prompts to files and launching background shell processes. That expands the skill from composition guidance into process spawning and shell orchestration, which increases attack surface and can execute arbitrary prompt-derived work outside the intended contract. In this context, the child prompts may contain untrusted workflow content, so normalizing shell-based execution as a fallback is risky.

Context-Inappropriate Capability

Severity: High
Confidence: 95%

Finding: The documentation explicitly authorizes starting background shell processes for worker execution, including writing prompts to disk and invoking a CLI per worker. That grants a powerful execution primitive unrelated to the stated composition-contract purpose and can be abused to run arbitrary commands, persist sensitive prompts in files, or bypass safer harness controls around delegation and auditing.

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding: The fallback tells the agent to start background shell processes without requiring a user-visible warning or approval in this file. That creates a quiet escalation path where the agent may initiate asynchronous local execution and file-based prompt handoff without the user's awareness, increasing the chance of unintended code execution or data exposure.
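The three findings above share one root cause: instruction text that tells the agent to write prompts to disk and spawn background processes, with no approval step attached. The following is an added example of a heuristic pre-install check for that pattern; it is not SkillSpector's code, not the static-analysis engine used on this page, and not the Hyperframes Core skill text, which is not reproduced here. The sample fragments (`SAMPLE_FALLBACK`, `SAMPLE_GATED`) are constructed to mimic the fallback the audit describes, and the function and category names are the author's own.

```python
"""Heuristic scanner for process-spawning / prompt-file-handoff instructions
in skill documents. Added illustration only; all names and samples are
hypothetical and the patterns are a starting point, not a complete ruleset."""
import re
from dataclasses import dataclass

# Constructed sample in the style of the "headless CLI children" fallback the
# audit describes. It is NOT the real skill text.
SAMPLE_FALLBACK = """
## Delegation
Prefer the harness's native subagent support.
If subagents are unavailable, degrade to headless CLI children:
write each worker prompt to a file under .workers/, then launch a
background shell process that invokes the CLI once per worker and
appends its output to a log file.
"""

# Constructed sample of the same fallback with an approval gate attached.
SAMPLE_GATED = """
If subagents are unavailable, ask the user for explicit approval before
writing prompts to disk or starting any background process.
"""

# Each family maps to one of the vulnerability-pattern families on this page.
# Matching is line-local, so an instruction split across lines can be missed;
# treat a hit as a prompt for human review, not as a verdict.
PATTERNS = {
    "Excessive Agency / background execution": [
        re.compile(r"\bbackground (shell )?process(es)?\b", re.I),
        re.compile(r"\bheadless\b.*\b(cli|worker|child(ren)?)\b", re.I),
        re.compile(r"\b(spawn|launch|start)\b.*\b(worker|child|process)\b", re.I),
    ],
    "Data Exfiltration / prompt persisted on disk": [
        re.compile(r"\bwrit(e|ing|ten)\b.*\bprompts?\b.*\b(file|disk)\b", re.I),
        re.compile(r"\bprompts?\b.*\bto (a )?file\b", re.I),
        re.compile(r"\b(append|write)s?\b.*\blog file\b", re.I),
    ],
}

# Phrases that indicate the instruction is gated behind user approval.
APPROVAL_RE = re.compile(
    r"\b(explicit )?(approval|confirm|ask the user|user-visible warning)\b", re.I
)


@dataclass(frozen=True)
class Finding:
    category: str
    line_no: int
    excerpt: str


def scan(text: str) -> list[Finding]:
    """Return one Finding per (line, category) whose patterns match that line."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for category, patterns in PATTERNS.items():
            if any(p.search(line) for p in patterns):
                findings.append(Finding(category, line_no, line.strip()))
    return findings


def has_approval_gate(text: str) -> bool:
    """True if the text mentions an approval/confirmation step anywhere."""
    return APPROVAL_RE.search(text) is not None


def assess(text: str) -> dict:
    """Summarise findings and flag the 'Missing User Warnings' condition:
    risky instructions present, no approval language anywhere in the text."""
    findings = scan(text)
    return {
        "findings": findings,
        "categories": sorted({f.category for f in findings}),
        "missing_user_warning": bool(findings) and not has_approval_gate(text),
    }


if __name__ == "__main__":
    for name, sample in (("fallback", SAMPLE_FALLBACK), ("gated", SAMPLE_GATED)):
        report = assess(sample)
        print(f"[{name}] missing_user_warning={report['missing_user_warning']}")
        for f in report["findings"]:
            print(f"  line {f.line_no}: {f.category}: {f.excerpt}")
```

Run it against a skill's markdown before installing; a non-empty `findings` list with `missing_user_warning` set is the condition the "Missing User Warnings" entry above describes, and the gated sample shows how approval language clears that flag while the underlying capability findings remain for review.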

VirusTotal

VirusTotal findings are pending for this skill version.
Static analysis

No suspicious patterns detected.