Back to skill

Security audit

Agent Network

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local multi-agent chat tool, but it needs Review because message routing, local persistence, decision/task mutation, and optional webhook forwarding are under-scoped for potentially sensitive collaboration data.

Install only if you are comfortable treating this as a trusted local collaboration prototype. Avoid sensitive prompts or business data unless you add group-membership checks, authenticated agent identity, retention/deletion controls, audit logging for mutations, and explicit opt-in/redaction for any webhook or automated handler that can act on or send message content outside the local environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The webhook integration example explicitly sends message content, sender, timestamp, and group metadata to an external URL. In a collaboration skill, outbound integrations can be legitimate, but this documentation normalizes exfiltration of conversational data without data-minimization, trust-boundary guidance, or consent controls, creating a real confidentiality risk if copied into production.

Context-Inappropriate Capability

Low
Confidence
83% confidence
Finding
The persistence example stores agent state to local disk in JSON files and suggests including fields like last activity and current tasks. While persistence is operationally useful, the example does not limit what may be stored or address access controls, encryption, retention, or segregation of sensitive task/user-derived data, which can lead to unintended local data exposure.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The file exposes sensitive state-changing operations for decisions without any authorization or role validation. Any caller able to invoke these methods can approve, reject, implement, or delete decisions regardless of proposer, membership, or admin privileges, which undermines the integrity of the multi-agent coordination system and can be abused to manipulate workflows, suppress decisions, or falsify outcomes.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly advertises message history, inbox notifications, and message search, which means it stores and indexes potentially sensitive multi-agent communications. Without any warning about retention, access control, or deletion behavior, users may unknowingly persist confidential prompts, task data, or operational details, increasing privacy and data exposure risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This example transmits full message content and related metadata to an external endpoint without any warning that conversation data is being disclosed outside the system. Users or developers may adopt it as-is, causing silent leakage of potentially sensitive discussions, mentions, group names, or operational details to third parties.

Ssd 3

Medium
Confidence
96% confidence
Finding
The monitoring logic forwards plain-language message content plus metadata to an external webhook, increasing the chance of oversharing sensitive operational or personal information. Because this is presented as a simple mention notifier, developers may overlook that it creates a data-loss path outside the collaboration boundary.

Ssd 3

Medium
Confidence
88% confidence
Finding
The state persistence pattern encourages writing agent state to disk and even hints at storing current tasks, which may embed sensitive or user-derived information. Without guidance on scoping, permissions, encryption, or retention, this can expose confidential workflow data to other local users, backups, or compromised hosts.

VirusTotal

40/40 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.