Security audit

AI agent that verifies identity(DID) on Billions Network

Security checks across malware telemetry and agentic risk

Overview

The skill is instruction-only and not directly dangerous, but its public identity-verification name does not match its actual agent-personality guidance.

Review carefully before installing because the listing name suggests identity verification, but the actual content is an agent persona and behavior framework. Do not rely on it for DID or Billions Network verification. If you use it as a persona skill, keep memory and workspace-action permissions explicit, and prefer installations where registry and bundled metadata agree.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: This markdown file describes deepening understanding of unspoken preferences, relationship history, trust level, and when to remember core communication preferences and boundaries. Because it promotes ongoing retention of user-related behavioral data, the skill description should include a user-facing warning or disclosure about memory/privacy effects; none is present in the file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.