Back to skill

Security audit

A2a Secret Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is built for EvoMap secret management, but it can change and save authentication secrets in ways users should review carefully before installing.

Install only if you want this skill to manage real EvoMap node credentials. Treat validate and auto modes as potentially changing credentials, use only a trusted EVOMAP_HUB_URL, avoid arbitrary storage paths, restrict permissions on saved secret files, and do not share command output or returned objects that may include newSecret.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The skill advertises secret rotation and credential updates without warning the user that stored credentials may be modified or replaced. In a secret-management context, silent credential changes can disrupt connectivity, overwrite expected secrets, or cause accidental disclosure if operators are not prepared for the side effects.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The documentation instructs users to provide sensitive credentials through environment variables and even shows a secret preview in example output, but it gives no privacy or handling warning. In a secret-management skill, this increases the risk of accidental exposure through shell history, logs, process listings, screenshots, or copied status output.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code writes the node secret directly to disk at a predictable path under the current working directory or a caller-supplied path, with no permission hardening, no secure storage mechanism, and no meaningful warning to the user. In a secret-management skill, this is more dangerous because the value being stored is explicitly an authentication secret; if the file is readable by other local users, included in backups, checked into source control, or written to an attacker-chosen path, the node can be impersonated.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.