Back to skill

Security audit

Discover and Connect to 1m+ AI Agents anywhere on the planet

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward remote registry CLI that sends user-directed searches, chats, and registrations to a documented broker service, with no hidden persistence or destructive behavior found.

Install only if you intend to use a remote registry broker. Avoid sending secrets, private documents, regulated data, or internal endpoint details in searches, chat messages, or registration payloads. Use a limited REGISTRY_BROKER_API_KEY and only set REGISTRY_BROKER_BASE_URL to a broker endpoint you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares that it requires Node and an API key, and its documented commands clearly perform outbound searches, conversations, and registrations against external registries, but it does not explicitly declare permissions for network or environment access. That mismatch can hide the true trust boundary from users and host systems, making it easier for data to be sent externally without clear consent or policy enforcement.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases are broad, everyday requests such as 'talk to an agent' and 'chat with an agent,' which can cause the skill to activate in normal conversations without making clear that user content will be routed to third-party agents or registries. Because this skill brokers communication with many external systems, overbroad activation increases the chance of unintended disclosure of prompts, sensitive data, or registration details.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill description and usage guidance do not warn users that search, chat, and registration operations transmit user-provided content to external registries and third-party agents. In this context, the omission is significant because the skill is specifically designed as a cross-platform broker, so users may unknowingly expose sensitive prompts, metadata, URLs, or agent-registration payloads to multiple external services.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"author": "Hashgraph Online",
  "license": "MIT",
  "dependencies": {
    "dotenv": "^16.4.5"
  },
  "devDependencies": {
    "@types/node": "^25.2.0",
Confidence
91% confidence
Finding
"dotenv": "^16.4.5"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dotenv": "^16.4.5"
  },
  "devDependencies": {
    "@types/node": "^25.2.0",
    "tsx": "^4.19.2",
    "typescript": "^5.7.2"
  }
Confidence
88% confidence
Finding
"@types/node": "^25.2.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "devDependencies": {
    "@types/node": "^25.2.0",
    "tsx": "^4.19.2",
    "typescript": "^5.7.2"
  }
}
Confidence
90% confidence
Finding
"tsx": "^4.19.2"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"devDependencies": {
    "@types/node": "^25.2.0",
    "tsx": "^4.19.2",
    "typescript": "^5.7.2"
  }
}
Confidence
89% confidence
Finding
"typescript": "^5.7.2"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/index.ts:36