consensus-send-email-guard

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local email-review guard; the main caution is that it stores local audit records of reviewed drafts.

Install only if local audit storage of reviewed email content is acceptable. Use a dedicated non-shared state directory, avoid pointing CONSENSUS_STATE_FILE or CONSENSUS_STATE_ROOT at sensitive/system paths, and prefer deterministic installs from the provided lockfile for production use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Unpinned Dependencies

Low

Category: Supply Chain
Content: "demo": "node --import tsx run.js --input ./examples/email-input.json" }, "dependencies": { "consensus-guard-core": "^1.1.15", "tsx": "^4.20.3" }, "license": "MIT",
Confidence: 92% confidence
Finding: "consensus-guard-core": "^1.1.15"

Unpinned Dependencies

Low

Category: Supply Chain
Content: }, "dependencies": { "consensus-guard-core": "^1.1.15", "tsx": "^4.20.3" }, "license": "MIT", "engines": {
Confidence: 92% confidence
Finding: "tsx": "^4.20.3"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal