Carapace — Shared Knowledge Base for AI Agents

Security checks across malware telemetry and agentic risk

Overview

Carapace is a disclosed shared knowledge-base integration that uses an API key and optional external tools, with no artifact-backed evidence of hidden or malicious behavior.

Before installing, decide what project context or personal insights are acceptable to send to Carapace, protect the API key, and treat returned community contributions as untrusted reference material. Verify the optional MCP server and Chitin npm packages separately if you choose to install them globally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

63/63 vendors flagged this skill as clean.
