Back to skill

Security audit

Bridge

Security checks across malware telemetry and agentic risk

Overview

Bridge is a coherent local escrow/proof API, but it is too under-scoped for real payment or sensitive location-photo verification workflows.

Install only for local experimentation or review. Do not use it for real payments, production escrow, or sensitive human-location/photo workflows until it has real authentication, authorization, HTTPS deployment guidance, cryptographic signature verification, privacy controls, and stricter escrow state handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
This is a true vulnerability: the function claims to verify a cryptographic signature but actually accepts any non-empty string. In an escrow-by-invariants system, that lets an attacker satisfy a supposedly strong verification criterion with forged data, potentially causing unauthorized task acceptance or payment release.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly collects and transmits sensitive real-world proof data including precise GPS coordinates, photos, timestamps, and signatures, but the documentation does not warn users about the privacy and safety implications of sharing this information. In this skill’s context, that omission is significant because the entire workflow is built around handling location-linked evidence for physical-world tasks, which can expose users to tracking, doxxing, or misuse of personal data.

External Transmission

Medium
Category
Data Exfiltration
Content
## Submit proof and verify

```bash
curl -s -X POST http://localhost:8015/v1/tasks/TASK_ID/verify \
  -H "Content-Type: application/json" \
  -d '{
    "worker_id": "worker-1",
Confidence
84% confidence
Finding
curl -s -X POST http://localhost:8015/v1/tasks/TASK_ID/verify \ -H "Content-Type: application/json" \ -d

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.