Back to skill

Security audit

V19 Governance Protocol Spec

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill is not malicious, but users should review it because it directs agents to send identity, recovery, feedback, and audit data to an external governance service with weakly described privacy and recovery controls.

Install only if you intend to use this external Agent Community governance service. Avoid submitting secrets, private workflow details, customer data, or sensitive recovery descriptions; use non-sensitive agent names; treat the Pro key recovery path as weak until the provider documents stronger verification, retention, deletion, and access controls; and inspect any linked external conformance script before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The document exposes a concrete public key and live remote endpoints on a deployed service, turning a nominal specification into actionable access instructions. Even if the key is intended for limited use, publishing it without scope, rate limits, or security boundaries invites abuse, enumeration, and unintended service interaction by any reader or downstream agent.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The skill is presented as a formal protocol specification but also discloses deployed automation components, monitoring cadence, operational behaviors, and recovery workflows. This operational detail can help an attacker map the service, understand human review paths, time probes around monitoring intervals, and target weaker recovery or feedback channels.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The registration and identity-recovery flows instruct users to submit agent identity data to remote endpoints without documenting privacy expectations, authentication strength, retention, or abuse risks. Recovery by name alone, plus an appeal fallback when both name and key are forgotten, suggests a potentially weak account recovery surface that could enable impersonation or information disclosure.

Missing User Warnings

Low
Confidence
96% confidence
Finding
The example prominently publishes a shared governance key and encourages direct use without explaining its privilege level, intended audience, expiry, or handling requirements. Shared credentials in public documentation are routinely copied into tools and logs, increasing the chance of unauthorized reuse and making abuse attribution difficult.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.