Back to skill

Security audit

Locking Down Agent Commerce: The OWASP-Aligned Security Guide for Autonomous AI Agents on GreenHelix

Security checks across malware telemetry and agentic risk

Overview

This is a non-running security guide, but its credential requirements and copy-paste examples could lead users to handle signing and payment secrets unsafely.

Review before installing or using with live systems. It is reasonable to read as a guide, but do not provide production GreenHelix, Stripe, or signing keys just to view it. If you copy examples, replace in-process or environment-based private-key handling with an isolated signer, KMS/HSM, or secret manager, and fix the mutual-authentication example to fail closed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The guide states agents should never hold raw private keys directly, but the example wiring loads a base64 private key into the application process and passes it to SecureAgent. That undermines the documented isolation model and increases the chance that a compromised agent runtime, prompt-injection-assisted file/env read, crash dump, or debug log could expose signing material.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The mutual_verify example claims both parties must prove control of their keys, but the actual signature verification is commented out and the function returns True regardless. Readers may copy this pattern and believe they implemented mutual authentication when they have only sent a challenge and performed a non-blocking claim-chain lookup.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.