Security audit

The Formal Gatekeeper: Z3-Verified Safety for Autonomous Agent Plans

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable educational guide for building a formal verification gatekeeper, with sensitive payment and signing concepts disclosed but not installed or run by the skill itself.

Safe to install as a guide. Treat any signing key or API key as sensitive if you implement the examples, start with the sandbox/free mode, set explicit payment caps before enabling x402 charges, and review cache retention so prior plans or policies are not kept unnecessarily.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 82%
Finding
The skill explicitly references sensitive material including AGENT_SIGNING_KEY and describes it as a key pair for request signing, but does not give strong handling guidance such as never embedding private keys in plans, logs, prompts, or client-side code. In an agent ecosystem, normalizing credential references without operational safeguards increases the risk of accidental secret exposure or misuse.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code: suspicious.destructive_delete_command
Location: SKILL.md:1226