Back to skill

Security audit

Agent Content Licensing & Royalty Rails

Security checks across malware telemetry and agentic risk

Overview

This guide is not self-executing, but its runnable examples can use a GreenHelix key to make real registry, escrow, transfer, royalty, and dispute changes despite confusing sandbox/no-key wording.

Review before installing or using. Treat the examples as live GreenHelix API code, use sandbox and least-privilege credentials, verify GREENHELIX_API_URL before running anything, and do not run transfer, escrow, royalty, or dispute snippets against a real account unless you intend those changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The guide states that no API key is required and implies sandbox-only usage, but the examples read a real credential from the environment and allow endpoint selection via GREENHELIX_API_URL. This mismatch can cause users or agents to supply sensitive credentials and unintentionally interact with live services under the false assumption that the examples are harmless or sandboxed.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The text promises sandbox-only examples, while the implementation and comments describe production API usage and use a configurable base URL that can point to live infrastructure. In a skill context, this is security-relevant because agents may trust the documentation and execute examples against production systems, causing unintended data transmission or state changes.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The skill advertises itself as non-executing educational content, yet the embedded code performs real state-changing operations such as service registration, escrow creation, transfers, dispute handling, and royalty distribution. This is dangerous because users may paste or adapt the examples assuming they are inert demonstrations, when they can modify external systems and move funds.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.