Security audit

Multi-Agent Chat Protocol

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only skill for coordinating multi-bot Discord chats, with no code or hidden access found.

Install this only for agents that are actually participating in multi-bot Discord discussions where strict turn-taking, terse replies, and loop prevention are desired. Avoid enabling it for normal human chats or multilingual channels unless the Korean canned reply and silence/NO_REPLY behavior are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description/triggering scope is broad enough that it could activate in many ordinary Discord group-chat situations, not just tightly controlled multi-agent coordination scenarios. Over-broad activation can cause unintended behavioral overrides, suppress normal responses, or apply rigid chat constraints in contexts where they are inappropriate, creating reliability and policy-enforcement risks.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: Hard-coding the response '위에 있어' without language negotiation or context can force an agent to emit unexpected non-English output, potentially confusing users and other agents. In multi-agent coordination, this can degrade clarity, increase misrouting, and make automated monitoring or moderation less reliable.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.