Security audit

Async Agent Commerce: Event-Driven Patterns for Autonomous Transactions

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable educational guide for async commerce patterns, but users should treat the financial workflow examples as illustrative and add production safeguards.

Install this only if you want an educational guide for building async agent-commerce workflows. Before adapting the examples, use sandbox mode, verify event/webhook authenticity, add idempotency to every state-changing call, set spending and counterparty limits, maintain audit logs, and require human or policy approval for high-value escrow releases or disputes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding
The class docstring promises guaranteed delivery and ordered processing, but the implementation does not actually provide those guarantees. This can cause downstream developers to build financial workflows assuming stronger messaging semantics than exist, leading to missed, duplicated, or out-of-order event handling in escrow and saga flows.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The dead-letter queue computes a retry delay but sets next_retry_at to the current time instead of now plus delay, so failed events may be retried immediately in a tight loop. In an event-driven commerce system, that can amplify failures, overwhelm dependencies, defeat backoff protections, and rapidly exhaust retry budgets during incidents.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The guide includes automated escrow release and dispute-opening logic without prominent safety warnings, approval gates, or strong guardrails for operations involving real funds and legal/financial actions. In this skill context, readers may adopt the example directly, causing autonomous release of money or disputes based on incomplete, spoofed, or erroneous events.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.