Security audit

AI-powered DP Platform Operations Advisor

Security checks across malware telemetry and agentic risk

Overview

This DP operations skill is mostly coherent, but it handles API keys and potentially state-changing operational actions with unclear safety boundaries.

Install only if you trust the DP platform endpoint, use HTTPS, and provide a least-privilege DP_API_KEY. Do not let the agent attempt re-login or alternate authentication, and require explicit confirmation with the exact job ID before any restart or other state-changing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding: The skill instructs automatic re-login/session refresh even though it previously declares API-key-only authentication. In an agent setting, this contradiction can cause the agent to seek alternate credentials, perform unintended auth flows, or mishandle secrets when API-key auth fails, expanding the attack surface beyond the declared model.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding: The file establishes 'No other authentication method is supported' but later directs the agent to automatically re-login on authentication errors. This inconsistency is dangerous because agents may improvise unsupported authentication steps, potentially leaking credentials, using browser/session state, or interacting with untrusted login endpoints.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: Printing even a partial API key in user-facing output unnecessarily exposes credential material and normalizes secret disclosure. In multi-tenant logs, chat transcripts, screenshots, or support escalations, partial secrets can aid correlation and key identification, and they turn an accidental leak into a handling failure.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The prerequisites check again reveals a partial API key during authentication validation, creating avoidable credential exposure in logs or agent responses. Repeated secret disclosure patterns increase the chance that credentials are stored, shared, or used to fingerprint a specific key.

VirusTotal

63/63 vendors flagged this skill as clean.