a2a-Market-Compute-Ledger
Security checks across malware telemetry and agentic risk
Overview
This skill is coherent and not malicious, but it should be reviewed because it is meant to operate billing ledgers, balance holds, debits, and settlement events without clear runtime scoping or approval controls.
Review this before installing in any real billing or account environment. Use it only with audited runtime code, least-privilege credentials, explicit approval for freeze/debit/capture/settlement actions, separate test and production environments, idempotency checks, and clear reconciliation or rollback procedures.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.