CementOps MSHA Compliance

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed MSHA safety/compliance assistant with local rule data and no evidence of hidden data theft, destructive behavior, or unrelated privileged actions.

Before installing, confirm the stop-work script path works in your agent environment and test the included self-test. Treat stop-work outputs as conservative screening that may require supervisor review, and configure any audit logging so sensitive worker, medical, incident, or legal-defense details are redacted and retained only as your organization allows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill markets a broad MSHA compliance suite, including citation defense, walk-through prep, and drafting support, but the available behavior appears far narrower and centered on stop-work screening. In a safety-critical industrial setting, this mismatch can cause users to rely on capabilities that do not actually exist, leading to incomplete compliance preparation, poor hazard handling, or unsafe operational decisions.

Vague Triggers

Medium
Confidence
70% confidence
Finding
This rule includes very generic fire-related keywords such as 'fire', 'smoke', and 'burning', which are likely to match ordinary language, training text, historical discussions, or irrelevant descriptions. In a skill explicitly designed to force STOP_WORK outcomes, such ambiguity can be abused through crafted input to trigger unnecessary stoppages and operational disruption.

Ssd 3

Medium
Confidence
93% confidence
Finding
The instruction to log every interaction creates an unrestricted audit trail that may capture sensitive operational details, incident reports, worker statements, legal-defense discussions, and potentially personal or medical information. In a regulated industrial environment, blanket retention without minimization, access control, retention limits, or disclosure controls increases privacy, legal, and insider-misuse risk.

VirusTotal

67/67 vendors flagged this skill as clean.
