Agentic Supply Chain Orchestration

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable guide, but it teaches production deployment of autonomous procurement, escrow, and payment workflows with under-scoped safety controls.

Review before installing or using. Treat the examples as reference code, not production-ready automation: run only in sandbox first, keep the GreenHelix API key in a secrets manager with least-privilege scope, require human approval for escrow/payment/order changes, and add enforceable budget, reroute-depth, cooldown, compliance, audit, and kill-switch controls before connecting it to real procurement systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The guide explicitly states the examples are 'production-ready' and tells users to 'copy the code, set your API key, and deploy' without any accompanying security guidance on credential scoping, secret storage, rotation, or avoiding logs and client-side exposure. In a skill that centers on automated procurement and payments, this encourages unsafe handling of a credential that grants read/write access to external commerce operations.

VirusTotal

No VirusTotal findings
