
Security audit

The Agent Insurance Playbook

Security checks across malware telemetry and agentic risk

Overview

This is a non-executing guide, but it understates the credentials its examples require and the live financial API effects they can have: the example code can create or change wallets, payments, claims, webhooks, and audit records.

Treat this as a high-impact financial integration guide, not inert documentation. Before installing or using it, confirm the endpoint is a sandbox, use least-privilege test tokens, avoid real funds and real claim or identity data, set spending limits, and require human approval before creating wallets, payments, disputes, settlements, ledger entries, organizations, or webhooks.
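The checks above can be enforced in code rather than left to the reader. The following pre-flight guard is an added illustration, not code from the skill or from SkillSpector: it refuses non-sandbox hosts and non-test tokens, asks a human-approval hook before any mutating call on the listed resource types, enforces a session spend limit, and only attaches the bearer token after every check has passed. The sandbox host, the `test_` token prefix, the URL paths and the approval hook are assumptions for the example.

```python
"""Pre-flight guard for running a third-party skill's financial API examples.

Added illustrative code, not part of the audited skill or of SkillSpector.
The sandbox host, the 'test_' token prefix, the URL paths and the approval
hook are assumptions for the example; adapt them to the real provider.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional
from urllib.parse import urlparse


class GuardError(Exception):
    """Raised when a request fails a pre-flight check."""


# Assumption: only this host counts as a sandbox; anything else is treated as live.
SANDBOX_HOSTS = {"sandbox.example-insurer.test"}

# Resource types the guide says must not be created without human approval.
APPROVAL_RESOURCES = {"wallets", "payments", "disputes", "settlements",
                      "ledger_entries", "organizations", "webhooks"}


def recording_transport(method: str, url: str, headers: dict, body: dict) -> dict:
    """Constructed stand-in for the network: records the call instead of sending it."""
    return {"ok": True, "method": method, "url": url, "body": body}


@dataclass
class GuardedClient:
    base_url: str
    api_key: str
    approve: Callable[[str, dict], bool]          # human-in-the-loop hook
    spend_limit: float = 100.0                    # total amount the session may move
    transport: Callable[..., dict] = recording_transport
    spent: float = field(default=0.0, init=False)

    def __post_init__(self) -> None:
        host = urlparse(self.base_url).hostname or ""
        if host not in SANDBOX_HOSTS:
            raise GuardError(f"refusing non-sandbox endpoint: {host!r}")
        # Assumption: the provider issues test tokens with a 'test_' prefix.
        if not self.api_key.startswith("test_"):
            raise GuardError("refusing to use a token that is not a test token")

    def request(self, method: str, path: str, body: Optional[dict] = None) -> dict:
        body = body or {}
        method = method.upper()
        resource = path.strip("/").split("/")[0]
        mutating = method in {"POST", "PUT", "PATCH", "DELETE"}

        if mutating and resource in APPROVAL_RESOURCES:
            if not self.approve(f"{method} {path}", body):
                raise GuardError(f"human approval denied for {method} {path}")

        amount = float(body.get("amount", 0))
        if mutating and self.spent + amount > self.spend_limit:
            raise GuardError(f"spend limit {self.spend_limit} would be exceeded")

        # The bearer token is only attached here, after every check has passed.
        headers = {"Authorization": f"Bearer {self.api_key}"}
        response = self.transport(method, self.base_url + path, headers, body)
        if mutating:
            self.spent += amount
        return response


def demo() -> dict:
    """Exercise each guard path and return the outcomes as a dict."""
    out = {}
    def always_yes(action, body):
        return True
    client = GuardedClient("https://sandbox.example-insurer.test", "test_abc123",
                           approve=always_yes)
    out["read_ok"] = client.request("GET", "/claims/123")["ok"]
    out["approved_ok"] = client.request("POST", "/wallets", {"amount": 25})["ok"]
    try:
        client.request("POST", "/payments", {"amount": 80})   # 25 + 80 > 100
        out["limit_blocked"] = False
    except GuardError:
        out["limit_blocked"] = True
    denying = GuardedClient("https://sandbox.example-insurer.test", "test_abc123",
                            approve=lambda action, body: False)
    try:
        denying.request("POST", "/webhooks", {"url": "https://attacker.test/hook"})
        out["approval_blocked"] = False
    except GuardError:
        out["approval_blocked"] = True
    try:
        GuardedClient("https://api.example-insurer.test", "test_abc123", approve=always_yes)
        out["live_blocked"] = False
    except GuardError:
        out["live_blocked"] = True
    out["spent"] = client.spent
    return out


if __name__ == "__main__":
    print(demo())
```

The transport is injected so the guard can be exercised offline; in real use it would wrap the HTTP client the skill's examples construct, and the approval hook would prompt an operator rather than return a constant.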

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium severity, 96% confidence
Finding
The guide explicitly says it does not require credentials and that the sandbox needs no API key, yet the examples instantiate a Bearer-token client and direct requests to an external service. That mismatch can cause users or downstream agents to trust the document as low-risk while actually supplying credentials and transmitting operational or financial data off-platform.

Intent-Code Divergence

Medium severity, 95% confidence
Finding
Claiming that all examples use a sandbox with no API key required is contradicted by the provided client constructor, which requires an api_key and sets an Authorization: Bearer header for every request. This can mislead users into exposing secrets or assuming examples are inert when they actually perform authenticated remote operations.

Description-Behavior Mismatch

Medium severity, 94% confidence
Finding
The manifest labels the skill as a non-executable educational guide with no credentials, but the body contains runnable code that creates wallets, deposits funds, files disputes, configures webhooks, and otherwise mutates external insurance/payment resources. This safety-signaling discrepancy increases the chance that an agent or user will execute the examples under a false assumption that the content is passive documentation.
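The three findings above share one shape: a manifest claim (no credentials, non-executable, sandbox only) contradicted by evidence in the body. The check below is an added illustration of how such a divergence can be detected mechanically; it is not SkillSpector's own logic. The manifest keys, the regexes and the sample body excerpt are constructed for the example and stand in for the kind of `Bearer` client and mutating call the findings describe.

```python
"""Check a skill's manifest claims against what its body actually does.

Added illustrative check, not SkillSpector's own logic. The manifest keys,
the regexes and the sample body below are constructed for the example.
"""
import re

# Constructed manifest mirroring the audited skill's safety claims.
MANIFEST = {"executable": False, "requires_credentials": False, "sandbox_only": True}

# Constructed body excerpt: the kind of snippet the findings describe.
BODY = '''
class InsuranceClient:
    def __init__(self, api_key, base_url="https://api.example-insurer.test"):
        self.base_url = base_url
        self.headers = {"Authorization": f"Bearer {api_key}"}

    def create_wallet(self, owner):
        return requests.post(f"{self.base_url}/wallets",
                             json={"owner": owner}, headers=self.headers)
'''

# Evidence that the body authenticates, mutates remote state, or targets a live host.
CREDENTIAL_PATTERNS = [r"\bAuthorization\b", r"\bBearer\b", r"\bapi_key\b"]
MUTATION_PATTERNS = [r"\.(?:post|put|patch|delete)\("]
URL_HOST = re.compile(r"https?://([\w.-]+)")


def _hits(patterns, text):
    """Distinct pattern matches found in text, sorted for stable output."""
    return sorted({m.group(0) for p in patterns for m in re.finditer(p, text)})


def find_divergences(manifest: dict, body: str) -> list:
    """Return one dict per manifest claim that the body contradicts."""
    findings = []
    if manifest.get("requires_credentials") is False:
        ev = _hits(CREDENTIAL_PATTERNS, body)
        if ev:
            findings.append({"claim": "requires_credentials: false", "evidence": ev})
    if manifest.get("executable") is False:
        ev = _hits(MUTATION_PATTERNS, body)
        if ev:
            findings.append({"claim": "executable: false", "evidence": ev})
    if manifest.get("sandbox_only"):
        live = sorted({h for h in URL_HOST.findall(body) if "sandbox" not in h})
        if live:
            findings.append({"claim": "sandbox_only: true", "evidence": live})
    return findings


if __name__ == "__main__":
    for f in find_divergences(MANIFEST, BODY):
        print(f["claim"], "contradicted by", f["evidence"])
```

A hit list like this is a prompt for a human reviewer, not a verdict: a guide can legitimately mention `Bearer` in prose. The point is that a safety claim in the manifest should be compared against the body before the claim is trusted.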

Missing User Warnings

Medium severity, 92% confidence
Finding
The guide encourages live API use with Bearer tokens for workflows involving payments, identity, claims, trust scores, and compliance data, but does not warn about transmitting sensitive business and financial information to a third-party service. In a high-sensitivity insurance context, omission of data-handling and privacy warnings materially increases operational and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.