Back to skill

Security audit

Green Vault — AI Agent 安全与绿色运维顾问

Security checks across malware telemetry and agentic risk

Overview

Green Vault is a disclosed operations guide for GPU efficiency and secret management, with sensitive examples that are expected for its purpose but should be run carefully.

Install this as an advisory security and operations skill. Before running any 1Password, wallet, deletion, or hook-installation snippet, confirm the vault and item names, use limited session keys rather than master private keys, and avoid printing or logging retrieved secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal, suspicious.prompt_injection_instructions

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/leak-prevention.md:94

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
references/prompt-injection-defense.md:81