Security audit

V19 Early Causal Graph Debugger

Security checks across malware telemetry and agentic risk

Overview

This skill is not local malware, but it sends graph data to an external Cloudflare-hosted service with limited disclosure about who operates it, how data is handled, or what the key can do.

Review before installing. Use this only if you are comfortable sending causal graph data to the listed external service. Avoid private business logic, incident timelines, personal data, security investigations, or regulated information unless you trust the operator and have confirmed data handling. Prefer a dedicated low-privilege key, and treat the public key as a demo credential with unknown limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The skill is presented in metadata as a local causal-graph debugging capability, but the body instructs users to send data to a third-party remote service, use API keys, perform health checks, and interact with a governance endpoint. This mismatch can mislead users and downstream agents into externalizing potentially sensitive graph data under the assumption the skill is local-only, creating privacy, supply-chain, and trust-boundary risks.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
Including a registration workflow unrelated to graph debugging expands the skill's operational scope beyond its stated purpose and can induce users or agents to create accounts or enroll with an external service unnecessarily. That broadening of capability increases attack surface and may facilitate tracking, data collection, or unauthorized service coupling without clear justification.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The documentation exposes a reusable governance key and encourages readers to send it in requests, effectively treating a credential as public. Even if intended as a demo token, publishing it without scope limits or handling guidance can enable unauthorized use, quota abuse, attribution confusion, or broader compromise if the key has more privileges than advertised.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill instructs users to POST user-supplied causal graph data to an external endpoint without any warning about confidentiality, retention, cross-border transfer, or downstream processing. Because causal graphs may encode sensitive business logic, decisions, incidents, or personal data, silent transmission to a remote service can create material privacy and compliance exposure.

VirusTotal

62/62 vendors flagged this skill as clean.