Security audit

Cathedral Audit

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed audit-and-remediation workflow, but it grants broad code-editing, shell, commit, and recurring cron-monitoring authority without strong user-control boundaries.

Install only if you want this skill to help drive actual repository changes, not just produce audit reports. Use the audit phases read-only, review each generated CC task brief before launch, avoid or tightly scope the cron monitor, inspect diffs, and require human approval before commits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The skill is presented as an audit workflow, but it escalates into making code changes, running builds, and creating commits. That mismatch increases the chance a user invokes what appears to be a review-only skill and unknowingly grants an agent authority to alter the repository, which can lead to unintended or unsafe modifications.

Intent-Code Divergence

High

Confidence: 97% confidence
Finding: The document first states agents should be given read-only access, then later instructs launching a CC session with Edit, Write, Read, and Bash permissions. This contradiction can mislead operators about the actual privilege level being granted and creates a serious risk of unauthorized repository changes or command execution under the guise of a safe audit process.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs operators to pipe a task into a CC session with Edit, Write, Read, and Bash capabilities, but does not prominently warn at the point of use that this grants the agent the ability to modify the codebase and perform shell actions. In practice, this can cause users to trigger destructive or policy-violating changes without informed consent, especially because the surrounding document is framed as an audit procedure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.