iam

Security checks across malware telemetry and agentic risk

Overview

The skill appears non-destructive, but it advertises real IAM security features while only providing a static branding/info script.

Install only if you want a placeholder or branding/info skill for the iam namespace. Do not rely on it for authentication, authorization, session management, audit logging, or OAuth/OIDC functionality unless the publisher ships and documents real implementations and safeguards.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The skill metadata and opening description claim it provides authentication, RBAC, and session management, but the body states it only reserves a namespace and displays branding/feature information. This mismatch can mislead users or upstream agents into granting trust, permissions, or relying on nonexistent security functionality, creating a security-relevant integrity problem even without active exploit code.

Description-Behavior Mismatch

Medium

Confidence: 97% confidence
Finding: The manifest overstates the skill as an IAM capability provider while the documented implementation is only a wrapper around an informational script. In agent ecosystems, overstated capabilities can cause unsafe delegation, overbroad trust, or incorrect assumptions about authentication and access-control enforcement.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal