Back to skill

Security audit

Registry Broker

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a coherent Registry Broker API integration, but users should handle its API key, external-agent chats, registration/payment actions, and optional MCP setup carefully.

Before installing or using this skill, make sure you trust hol.org and any optional MCP package you run. Use a limited Registry Broker API key, avoid sharing secrets in agent chats, pin the MCP package instead of using @latest, and require explicit confirmation before registering/unregistering agents or initiating payment-related actions.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
examples/ledger-auth.js:10

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
examples/register-agent.js:10

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
examples/search-and-chat.js:11