Back to skill

Security audit

Multi-Agent Chat Protocol

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only skill for coordinating multi-bot Discord chats, with no code or hidden access found.

Install this only for agents that are actually participating in multi-bot Discord discussions where strict turn-taking, terse replies, and loop prevention are desired. Avoid enabling it for normal human chats or multilingual channels unless the Korean canned reply and silence/NO_REPLY behavior are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description/triggering scope is broad enough that it could activate in many ordinary Discord group-chat situations, not just tightly controlled multi-agent coordination scenarios. Over-broad activation can cause unintended behavioral overrides, suppress normal responses, or apply rigid chat constraints in contexts where they are inappropriate, creating reliability and policy-enforcement risks.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
Hard-coding the response '위에 있어' without language negotiation or context can force an agent to emit unexpected non-English output, potentially confusing users and other agents. In multi-agent coordination, this can degrade clarity, increase misrouting, and make automated monitoring or moderation less reliable.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.