Back to skill

Security audit

Axiomata Kan Creator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local model-scaffolding skill, but it materially overclaims KAN/B-spline behavior and writes generated files without strong path or overwrite controls.

Review before installing. Use only in a dedicated workspace, pass simple slug-style names and an explicit safe output directory, inspect generated Python before running it, and do not rely on the advertised B-spline KAN or NaN-free guarantees without independent validation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation instructs users to run a script that creates directories and writes files, but the skill declares no permissions. That omission can mislead a host agent or user about the skill's side effects, weakening consent and policy enforcement around filesystem access.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior materially differs from what the skill reportedly generates: it claims a KAN with learnable basis functions and bounded activations, but analysis indicates project scaffolding, synthetic-data/training utilities, and a standard MLP with inconsistent activation behavior. This kind of capability mismatch is dangerous because downstream agents or users may trust incorrect architectural and safety properties, leading to unsafe execution and invalid model assumptions.

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The documentation promises bounded Tanh activations and 'NaN-free' training, but later sections describe SiLU and B-spline-based behavior instead. Conflicting safety and numerical-stability claims can cause users to deploy the generated model under false assumptions about robustness and failure modes.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The instructions tell users to run commands that create directories and files, but they do not clearly warn about filesystem modifications. In agent settings, undisclosed write side effects can lead to accidental workspace changes, especially when users expect a conceptual or advisory skill rather than a scaffolding tool.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
78% confidence
Finding
The trigger phrase 'create KAN' overlaps with a generic built-in 'create' command, which can cause unintended invocation of this skill in response to broad user requests. Trigger shadowing is risky because it may route tasks into a file-writing skill unexpectedly, increasing the chance of unapproved side effects.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
78% confidence
Finding
The trigger 'build KAN' similarly conflicts with the generic built-in 'build' verb and can cause accidental activation. In the context of a skill that may write files and scaffold projects, ambiguous routing raises the likelihood of unintended filesystem changes or misuse.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.