Security audit

Non-Human Identity Security for AI Agents

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable security guide, but it asks for sensitive Stripe and agent-signing credentials that the guide itself does not need to run.

Treat this as a guide only. Do not provide production AGENT_SIGNING_KEY, STRIPE_API_KEY, Vault, OAuth, or cloud credentials to the skill installer or examples unless you have independently scoped them to a sandbox or test environment and understand exactly what code you are running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The manifest declares AGENT_SIGNING_KEY and STRIPE_API_KEY as required credentials even though the skill is explicitly marked non-executable and educational. Requesting live payment-processing credentials in a documentation-only skill needlessly expands the attack surface and may trick users into exposing sensitive secrets to tooling that does not truly need them.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding
The guide claims 'no API key required to get started' while the manifest and many examples rely on authenticated operations and environment-backed secrets. This inconsistency can mislead users into trusting the content and then supplying real credentials later, which is risky in a third-party skill.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
A non-executable educational guide should not list a Stripe key as a required secret without a narrowly justified reason. Including a high-value payment credential in the manifest normalizes unnecessary secret collection and increases the chance of accidental disclosure or over-privileged deployment.

Missing User Warnings

Severity: Medium
Confidence: 78%
Finding
The file contains extensive credential-handling examples for Vault, OAuth, cloud identity, and API keys, including patterns that load secrets from environment variables and interact with live services. In an educational context, this becomes dangerous because readers may paste in production secrets without strong warnings, especially since the skill positions the code as 'production-ready.'

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: SKILL.md:1565