Back to skill

Security audit

openprovider

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate OpenProvider domain-management skill, but it gives an agent broad registrar power without enough built-in safeguards for destructive actions.

Install only if you intend the agent to operate a real OpenProvider account. Use scoped credentials where possible, require the agent to show the exact domain, customer handle, DNS zone, nameserver group, certificate order, cost, and service-impact details before any write or delete action, and treat nameserver/SSL sections as requiring extra human review where Atlas support is marked unclear or not yet implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The document states that direct nameserver management is not implemented, but then provides full create, update, and delete nameserver-group procedures. In an agent skill, this inconsistency can mislead integrators or policy layers into assuming these operations are unavailable, while the documented behavior still enables high-impact DNS changes.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list is extremely broad and includes generic phrases like 'change DNS', 'domain search', 'WHOIS', and 'customer handle', which can cause the skill to activate for loosely related requests without clear user intent for registrar-side actions. In a high-impact domain management context, overbroad activation increases the chance of unintended execution paths leading to sensitive reads or destructive modifications.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill documents destructive operations including deleting domains, DNS zones, SSL orders, and customer records, but does not require warnings, confirmations, or rollback guidance. Because these actions can disrupt ownership, DNS resolution, email delivery, and certificate validity, omission of safeguards materially increases the risk of accidental or unauthorized destructive changes.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The authentication section instructs the agent to load registrar credentials from environment variables or a database credential store, but provides no handling rules to prevent disclosure, logging, or reuse outside intended operations. In a registrar skill, these credentials enable domain and DNS control, so weak guidance around secret handling meaningfully elevates compromise risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation exposes a destructive delete-domain operation without any explicit warning about irreversibility, required confirmation, or ownership validation. In an agent skill context, this increases the chance that a model or user triggers domain deletion on ambiguous or malicious prompts, causing service outage or loss of control over a domain.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The update and delete operations affect nameserver groups but the documentation omits warnings about DNS outages, misrouting, and service disruption if domains depend on those groups. In a registrar/DNS-management skill, destructive infrastructure changes without safety guidance increase the chance of accidental or unsafe use by an agent or operator.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## Delete Customer

### DELETE /customers/{handle}

Delete a customer handle. Cannot delete handles assigned to active domains.
Confidence
90% confidence
Finding
DELETE /customers/{handle}

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## Delete Domain

### DELETE /domains/{id}

Request domain deletion. Domain may enter a redemption grace period depending on TLD.
Confidence
94% confidence
Finding
DELETE /domains/{id}

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## Delete Nameserver Group

### DELETE /dns/nameservers/groups/{ns_group}

Delete a nameserver group. Cannot delete groups assigned to active domains.
Confidence
91% confidence
Finding
DELETE /dns/nameservers/groups/{ns_group}

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.