Agent Contract Lifecycle Management

Security checks across malware telemetry and agentic risk

Overview

This guide is non-executable, but it teaches autonomous financial contract, escrow, penalty, dispute, and termination workflows with insufficient safety boundaries and inconsistent credential/sandbox disclosure.

Review carefully before installing or letting an agent use this guide. Treat the examples as high-risk financial automation templates, not drop-in production code; add human approvals, sandbox-only testing, transaction caps, credential separation, and verification that penalties, refunds, releases, and terminations actually move funds as intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The guide repeatedly promotes unattended escrow creation, penalty deduction, milestone release, dispute escalation, and contract termination for real money without prominent safety gates, approval requirements, or operator warnings. In an agent skill context, that omission is dangerous because downstream users may operationalize the example as-is and allow autonomous actions that create irreversible financial or legal consequences from noisy metrics, logic bugs, or adversarial counterparties.

VirusTotal

65/65 vendors flagged this skill as clean.
