Agent Testing & QA Toolkit: Integration, Chaos, and Contract Testing for Multi-Agent Systems

Security checks across malware telemetry and agentic risk

Overview

This is a non-executing testing guide, but copied examples could affect real GreenHelix accounts or funds if run with production credentials.

Treat this as a guide, not trusted automation. Keep examples in sandbox or staging by default, never record cassettes with production keys or secrets, review cassette diffs before committing, and require explicit approval before production deploys, canary rollouts, escrow releases, or wallet-affecting tests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 81%
Finding
The guide includes deployment and environment-key patterns that use live API keys and financially meaningful operations, but it does not place a strong, repeated warning at the point of use that non-sandbox execution may affect real funds. In a commerce/escrow context, readers may copy these snippets into CI/CD or staging with production-like credentials, causing unintended spend or live account changes.

VirusTotal

64/64 vendors flagged this skill as clean.
