AGNTCY Identity CLI
Security checks across malware telemetry and agentic risk
Overview
This skill is a documented identity-issuer helper that handles sensitive secrets and signing keys, but the access is disclosed and fits its stated purpose.
Install only if you intend to use AGNTCY identity issuer workflows. Use a test vault and scoped test OAuth client first, do not paste CLIENT_SECRET or vault contents into chat/logs, and review the upstream Go module or backend scripts before using production signing keys.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
42/42 vendors flagged this skill as clean.