Back to skill

Security audit

Cove Ops

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Cove operations skill that exposes powerful but disclosed platform administration commands and should be used carefully with bot credentials.

Install only if you intend to let an agent operate Cove with a bot credential. Keep the bot token and webhook URLs out of chat, logs, cove.md, and committed files; review destructive commands before running them; and treat cove.md/channel files as shared context rather than trusted policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs reading a bot token from a local config file and explicitly notes that webhook tokens embedded in URLs act as authentication, but it provides no guidance on redaction, secret storage, shell history, logging, or output sanitization. This is dangerous because agents or operators may echo, log, persist, or paste these credentials, enabling unauthorized API access if exposed.

Session Persistence

Medium
Category
Rogue Agent
Content
Core concepts:

- **cove.md** — Every channel has a persistent context file called `cove.md`. It is automatically injected into the bot's context every turn. Bots can read and write it. **Channel-level rules, conventions, and state belong here, not in personal memory.** This is a platform-level guarantee.
- **Channel files** — Each channel has its own file storage (text-based, max 100KB/file). `cove.md` is the convention file, but you can store other files too.
- **Cross-channel communication** — Channels communicate via webhooks. It's one-way push only — no auto-return, to prevent echo loops. Each channel processes what it receives independently.
- **Channel as Service** — Each channel has its own role (dev, product, review, etc.). The platform orchestrates everything. Different channels, different responsibilities.
Confidence
88% confidence
Finding
write it. **Channel-level rules, conventions, and state belong here, not in personal memory.** This is a platform-level guarantee. - **Channel files** — Each channel has its own file storage (text-bas

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.