Back to skill

Security audit

Legacy Circuit Mockups

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it includes chip-programming and firmware-building guidance beyond a visual circuit mockup skill, so users should review it before installing.

Install only if you want the agent to help with retrocomputing build references beyond diagrams, including firmware and chip-programming topics. Treat any minipro/T48 write or erase command as a real hardware modification: back up chip contents first, confirm the exact device and image, verify voltage and orientation, and disconnect power before rewiring physical circuits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This file substantially expands the skill from circuit visualization into firmware toolchains, ROM image construction, emulator behavior, and EEPROM programming. That scope drift is dangerous because it gives the agent operational guidance for producing buildable firmware artifacts unrelated to the declared mockup/diagram purpose, increasing the chance of unauthorized code-generation or hardware-programming assistance.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The build pipeline and EEPROM programming sections document how to assemble binaries, link ROM images, pad them to device size, and write them to physical EEPROM hardware. In a skill advertised only for circuit mockups, this creates unjustified real-world execution capability and materially lowers the barrier to generating and deploying firmware to hardware.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
This reference file documents chip programming, erasing, and verification workflows that are outside the declared purpose of a breadboard/circuit mockup skill. That scope mismatch can cause an agent to provide operational guidance for interacting with real hardware, expanding the skill from visualization into device manipulation without clear justification or safety boundaries.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The file includes actionable instructions for selecting devices, reading chips, writing firmware, erasing flash, and programming GALs, which materially extends the skill's capabilities beyond diagram generation. In an agent setting, such hidden or unjustified capability expansion increases the chance the system will assist with real-world hardware modification when users expected only mockups or visual design help.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill provides step-by-step instructions for assembling and powering physical electronic circuits, including ICs, LEDs, timers, and microprocessor systems, but does not include basic electrical safety guidance such as verifying supply voltage, powering off before rewiring, checking polarity, avoiding shorts, and using current limiting. In a hands-on hardware skill, omission of these warnings can plausibly lead to damaged components, overheated parts, or minor user injury from incorrect wiring or misuse of power sources.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document repeatedly instructs users to connect batteries directly to breadboarded circuits, including LEDs, ICs, and buzzers, but does not provide baseline electrical safety guidance such as verifying polarity, using current-limiting resistors where required, checking voltage compatibility, or avoiding shorts. In an electronics-building skill aimed at practical assembly, these omissions can lead to overheated components, damaged batteries, failed parts, or minor burn risk, especially for beginners following the steps literally.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document provides destructive commands such as write and erase operations without prominently warning that they can overwrite firmware, destroy prior contents, or render devices unusable if the wrong part or image is used. In a skill not meant for programming tasks, that omission makes accidental misuse more likely because users may treat the examples as harmless reference commands.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.