Back to skill

Security audit

Guardian Compliance

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Guardian API helper for sensitive compliance data, with no evidence of hidden persistence, local data harvesting, destructive actions, or unrelated behavior.

Install only if you trust Guardian with immigration, tax, business compliance, and document metadata. Keep GUARDIAN_TOKEN private, leave GUARDIAN_API_URL unset unless you trust the alternate endpoint, and ask for document, risk, deadline, or Ask Guardian results only when you are comfortable showing or sending that sensitive account context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes shell scripts and external binaries (`bash`, `curl`, `jq`) but does not declare corresponding permissions, which weakens transparency and consent around code execution. In a skill handling immigration, tax, and document-related data, undisclosed execution capability increases risk because users may not realize local commands and remote API calls are occurring.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The declared description focuses on compliance alerts and status checks, but the skill also exposes document-listing behavior for the user's Guardian data room. That mismatch can undermine informed consent, especially because filenames, document types, sizes, and upload dates may reveal sensitive immigration, tax, or corporate information even without opening the files.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Using the single broad trigger phrase `guardian` increases the chance of accidental invocation during normal conversation, which could cause the skill to fetch sensitive compliance data without sufficiently specific user intent. In this context, unintended execution may expose immigration or tax status details in chat or trigger unnecessary API calls with personal data.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill description and setup do not clearly warn users that sensitive immigration, tax, business, and document-derived data will be transmitted to the Guardian API when the scripts run. Because this skill processes highly sensitive personal compliance information, lack of explicit notice and consent materially increases privacy and confidentiality risk.

Missing User Warnings

High
Confidence
98% confidence
Finding
The `Ask Guardian` feature states that it sends the user's question to an AI assistant with full context from documents, findings, and immigration status, but it does not present an explicit warning or consent checkpoint before that transfer. This is especially dangerous because free-form questions may include additional sensitive facts, and the full-context transmission amplifies privacy exposure beyond what users may expect.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.