Agent Team

Security checks across malware telemetry and agentic risk

Overview

This skill is a plausible multi-agent manager, but it should be reviewed because it can spawn ongoing child-agent sessions and includes an under-documented helper that calls an external model API with confusing credential handling.

Review before installing if you do not want delegated child-agent sessions or local persona files sent to model providers. Use only trusted SOUL.md/config.json agent profiles, monitor and stop spawned sessions as needed, and do not place real API keys directly into greetings.py.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
The file claims API keys are read securely from environment variables, but the actual request path uses per-agent api_key fields embedded in configuration objects. This creates a risky pattern where developers may hardcode secrets in source control or believe environment-based protection is in effect when it is not, leading to credential exposure and misuse of paid model APIs.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
Interactive chat sends both user input and the loaded SOUL.md persona content to an external model process without any explicit consent, warning, or data-minimization step. In this context, SOUL.md and user prompts may contain private workspace data or sensitive instructions, so silent forwarding creates a real confidentiality and governance risk.

VirusTotal

64/64 vendors flagged this skill as clean.