Back to skill

Security audit

Data Structure Protocol (DSP)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local code-graph skill, but its bundled CLI has under-scoped write and delete behavior that users should review before installing.

Install only if you explicitly want agents to maintain persistent `.dsp` metadata in your repositories. Keep `.dsp` and related source-marker changes under version control, review diffs before committing, and avoid autonomous use of delete commands until the CLI validates UID arguments and adds confirmation or dry-run safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The SKILL.md documents DSP CLI operations beyond the described behavior, including diagnostics and graph-navigation commands not consistently reflected elsewhere. When a skill advertises broader capabilities than its manifest or contract, agents may rely on undocumented behaviors, increasing the chance of unintended file access, mutation, or unsafe tool invocation without proper review.

Intent-Code Divergence

Medium
Confidence
79% confidence
Finding
The command reference and later workflow sections list different available DSP CLI operations, which can cause an agent to attempt commands that may not exist or may behave differently than expected. In security-sensitive automation, such ambiguity can lead to fallback behaviors, error-driven retries, or unsafe assumptions about graph updates and cleanup semantics.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation criteria are very broad, covering general code creation, modification, deletion, navigation, and any project with a `.dsp/` directory. Because the skill includes write-oriented instructions like bootstrapping and graph updates, broad triggering increases the risk of the skill being auto-invoked during ordinary development tasks and causing unrequested repository changes or expanded data collection.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document specifies irreversible operations such as `remove-shared` and especially `remove-entity` with cascading cleanup, but provides no warning, confirmation, dry-run, backup, or recovery guidance. In an agent skill context, this omission is dangerous because an automated agent may execute destructive commands directly from documentation, causing broad metadata loss across the `.dsp/` graph from a single mistaken or maliciously induced action.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.