Archon Keymaster

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent as a DID/key-management toolkit, but it handles long-lived secrets in risky ways and includes unpinned remote installation instructions that need review before use.

Install only if you are comfortable with this skill managing DID wallet material. Review ~/.archon.env handling, avoid running the curl-to-shell nak installer unless you independently trust and verify it, avoid exposing terminal logs when deriving Nostr keys, and treat the generated wallet passphrase, mnemonic, wallet file, and Nostr secret as high-value credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (24)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The README advertises vaults and distributed asset storage as part of this skill even though the skill metadata explicitly says vaults/backups belong to a different skill. This kind of scope mismatch can mislead users or downstream agents into invoking the wrong capability, causing unsafe workflows, broken security assumptions, or accidental exposure of sensitive data to tooling that was not intended for that purpose.

Description-Behavior Mismatch

Medium
Confidence
99% confidence
Finding
The quick-start section gives concrete vault creation and sharing commands under this skill, directly encouraging users to perform security-sensitive storage operations through the wrong interface. In an agent ecosystem, executable-looking examples are especially risky because users or automation may treat them as authoritative and unintentionally misuse credentials, keys, or storage paths.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
Listing vaults and backup directories in the architecture diagram suggests these components are bundled with this skill and may be relied on by users, reviewers, or orchestration systems. That misrepresentation weakens trust boundaries and can result in incorrect installation, authorization, or review decisions around highly sensitive key and backup material.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
Claiming vault backup/restore as a current capability reinforces a false security boundary and may cause operators to trust this skill with backup-related responsibilities it does not own. Because backups and vaults involve secret material, confusion about which skill handles them increases the chance of operational mistakes and incomplete security review.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest omits asset storage and retrieval despite the body presenting them as core features. Hidden or under-declared data handling is a security issue because it can lead to unexpected exfiltration, storage, or processing of user files without matching governance metadata.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description is extremely broad, covering many identity, crypto, messaging, file, and network functions without clear invocation boundaries. Overly broad trigger scope increases the chance of accidental or overly permissive invocation for generic tasks, especially in agentic systems that route by semantic similarity.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script executes an irreversible asset transfer immediately after accepting two positional arguments, with no confirmation prompt, dry-run mode, or validation that the recipient DID is intended. In a wallet/identity-management context, a typo, argument injection from higher-level automation, or operator mistake can permanently transfer control of an asset to the wrong DID.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script writes decrypted plaintext directly to a user-specified path using shell redirection without checking whether the destination already exists, is a symlink, or has overly broad permissions. In a crypto/identity-management tool, this can expose sensitive decrypted material through accidental overwrite, placement in an unsafe location, or writing into attacker-influenced paths.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script sources ~/.archon.env directly into the shell, which executes any shell code in that file rather than merely reading key-value pairs. If the environment file is modified by another local process, a malicious installer, or an attacker with limited filesystem access, running this verification script can trigger arbitrary code execution and expose secrets loaded from that file. In a cryptographic identity toolkit, loading DID keys and related credentials makes this especially sensitive.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script performs a state-changing action after a read operation by automatically removing the "unread" tag via `file-dmail`, but it does not clearly warn the user that viewing a message will mutate mailbox state. In an identity and secure messaging toolkit, this can surprise operators, interfere with auditability or workflow automation, and cause loss of unread status that may matter operationally.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script derives a Nostr private key from the user's Archon DID mnemonic and prints the resulting `nsec` secret directly to stdout. This creates a high risk of credential exposure through terminal scrollback, shell history capture, logs, CI output, or other process/output collection mechanisms, and because the key is deterministically derived from the DID seed, compromise can enable impersonation in Nostr and link identity material across systems.

Credential Access

High
Category
Privilege Escalation
Content
# Ensure environment is loaded
if [ -z "$ARCHON_PASSPHRASE" ]; then
    if [ -f ~/.archon.env ]; then
        source ~/.archon.env
    else
        echo "Error: ARCHON_PASSPHRASE not set. Run create-id.sh first."
Confidence
83% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Ensure environment is loaded
if [ -z "$ARCHON_PASSPHRASE" ]; then
    if [ -f ~/.archon.env ]; then
        source ~/.archon.env
    else
        echo "Error: ARCHON_PASSPHRASE not set. Run create-id.sh first."
Confidence
78% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Ensure environment is loaded
if [ -z "$ARCHON_PASSPHRASE" ]; then
    if [ -f ~/.archon.env ]; then
        source ~/.archon.env
    else
        echo "Error: ARCHON_PASSPHRASE not set. Run create-id.sh first."
        exit 1
Confidence
70% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Ensure environment is loaded
if [ -z "$ARCHON_PASSPHRASE" ]; then
    if [ -f ~/.archon.env ]; then
        source ~/.archon.env
    else
        echo "Error: ARCHON_PASSPHRASE not set. Run create-id.sh first."
Confidence
94% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Ensure environment is loaded
if [ -z "$ARCHON_PASSPHRASE" ]; then
    if [ -f ~/.archon.env ]; then
        source ~/.archon.env
    else
        echo "Error: ARCHON_PASSPHRASE not set. Run create-id.sh first."
        exit 1
Confidence
94% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
fi

# Load environment
if [ -f ~/.archon.env ]; then
    source ~/.archon.env
else
    echo "ERROR: ~/.archon.env not found"
Confidence
94% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Load environment
if [ -f ~/.archon.env ]; then
    source ~/.archon.env
else
    echo "ERROR: ~/.archon.env not found"
    exit 1
Confidence
97% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# For local gatekeeper (unlimited): export ARCHON_GATEKEEPER_URL="http://localhost:4224"
EOF

chmod 600 ~/.archon.env
echo "✓ Environment saved to ~/.archon.env (chmod 600)"

# Source it for this session
Confidence
89% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
EOF

chmod 600 ~/.archon.env
echo "✓ Environment saved to ~/.archon.env (chmod 600)"

# Source it for this session
source ~/.archon.env
Confidence
86% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Ensure environment is loaded
if [ -z "$ARCHON_PASSPHRASE" ]; then
    if [ -f ~/.archon.env ]; then
        source ~/.archon.env
    else
        echo "Error: ARCHON_PASSPHRASE not set. Run create-id.sh first."
Confidence
82% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Ensure environment is loaded
if [ -z "$ARCHON_PASSPHRASE" ]; then
    if [ -f ~/.archon.env ]; then
        source ~/.archon.env
    else
        echo "Error: ARCHON_PASSPHRASE not set. Run create-id.sh first."
        exit 1
Confidence
82% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
# Ensure environment is loaded
if [ -z "$ARCHON_PASSPHRASE" ]; then
    if [ -f ~/.archon.env ]; then
        source ~/.archon.env
    else
        echo "Error: ARCHON_PASSPHRASE not set. Run create-id.sh first."
Confidence
95% confidence
Finding
.env

Session Persistence

Medium
Category
Rogue Agent
Content
echo "Generating secure passphrase..."
PASSPHRASE=$(openssl rand -base64 32 | tr -d '/+=' | cut -c1-32)

# Create .archon.env
echo "Creating ~/.archon.env..."
cat > ~/.archon.env << EOF
# Archon environment configuration
Confidence
88% confidence
Finding
# Create .archon.env
echo "Creating ~/.archon.env..."
cat > ~/.archon.env << EOF
# Archon environment configuration
# DO NOT COMMIT THIS FILE TO GIT
# Wallet location (required by all archon-keymaster

VirusTotal

66/66 vendors flagged this skill as clean.