Security audit

Pre-Publish Fact Checker

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent fact-checking helper that uses a disclosed Prismfy API key and optional reminder hook, with privacy and credential-handling cautions but no artifact-backed malicious behavior.

Install if you are comfortable sending the claims you verify to Prismfy using your API key. Prefer a revocable or scoped key, avoid putting secrets in shared dotfiles, and enable the hook only if you want future agent sessions to receive fact-checking reminders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill instructs the agent/user to run shell scripts and shell commands, but the manifest does not declare corresponding permissions or capabilities. This weakens transparency and policy enforcement because a reviewer or runtime may underestimate what the skill can execute, increasing the chance of unintended command execution or unsafe integration.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 90%
Finding
The declared purpose is limited to claim verification, but the skill also performs external API access, quota/account inspection, and installs/enables a hook that affects agent behavior outside a single verification run. This mismatch is security-relevant because hidden or under-disclosed behaviors can surprise operators, expand data exposure to third parties, and create persistence-like effects in the local agent environment.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script sends user-supplied claim text to an external third-party API and can also retrieve account data, but it provides no user-facing disclosure, consent gate, or sensitivity check before transmission. In a claim-verification skill, drafts may contain unpublished, confidential, or regulated information, so silent exfiltration to an external service creates a real data-handling risk in context.

YARA rule 'backdoor_persistence': Backdoor persistence with malicious payloads (shell commands, SSH key injection, hidden root users) [malware]

High
Category: YARA Match
Content
To keep it after restart:
```bash
echo 'export PRISMFY_API_KEY="ss_live_your_key_here"' >> ~/.bashrc
source ~/.bashrc
```
Confidence: 86%
Finding
echo 'export PRISMFY_API_KEY="ss_live_your_key_here"' >> ~/.bashrc

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.