FIS Architecture

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent multi-agent workflow purpose, but it needs review because it builds executable agent commands (sessions_spawn, sessions_send) and local ticket-file paths from input that is not sufficiently validated.

Install it only if you need Discord/OpenClaw multi-agent orchestration. Before use: restrict the bot's permissions to the forum channels it actually needs; keep secrets out of tickets and notes; review every generated sessions_spawn and sessions_send command before it is executed; and prefer a version that validates ticket IDs against a strict pattern and serializes command arguments safely.
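The hardening the overview asks for, shown as an added example that is not code from the FIS Architecture skill or from SkillSpector: a strict allow-list for ticket IDs, a containment check on the derived ticket-file path, an argv list instead of a shell string for sessions_spawn, and JSON serialization for the sessions_send message. The ticket-ID format (`FIS-42`), the tickets root directory, and the `--label` / `--ticket-file` argument names are assumptions made for illustration; the `naive_spawn_command` function shows the general risk class the overview describes, not a quote of the skill's code.

```python
"""Hardened construction of agent commands and ticket paths.

Added example, not code from the FIS Architecture skill. The ticket-id format,
the tickets root and the sessions_spawn/sessions_send argument names are
assumptions for illustration.
"""
import json
import re
import shlex
from pathlib import Path

# Assumed ticket-id format: 2-10 uppercase letters, a dash, 1-6 digits (e.g. FIS-42).
TICKET_ID_RE = re.compile(r"[A-Z]{2,10}-[0-9]{1,6}")
# Assumed location of ticket files on the coordinator host.
TICKETS_ROOT = Path("/srv/fis/tickets")


class TicketValidationError(ValueError):
    """Raised when a ticket id or a derived path fails validation."""


def is_valid_ticket_id(ticket_id: object) -> bool:
    """Allow-list check: only the exact pattern passes, nothing else."""
    return isinstance(ticket_id, str) and TICKET_ID_RE.fullmatch(ticket_id) is not None


def validate_ticket_id(ticket_id: str) -> str:
    if not is_valid_ticket_id(ticket_id):
        raise TicketValidationError(f"rejected ticket id: {ticket_id!r}")
    return ticket_id


def ticket_path(ticket_id: str, root: Path = TICKETS_ROOT) -> Path:
    """Map a validated ticket id to <root>/<id>.md and confirm it stays under root."""
    root = root.resolve()
    candidate = (root / f"{validate_ticket_id(ticket_id)}.md").resolve()
    # Defence in depth: the regex already excludes separators and dots, but the
    # containment check fails closed if the pattern is ever loosened.
    if candidate.parent != root:
        raise TicketValidationError(f"ticket path escapes {root}: {candidate}")
    return candidate


def naive_spawn_command(ticket_id: str, root: Path = TICKETS_ROOT) -> str:
    """The pattern to avoid: unvalidated input spliced into one shell string.

    Illustrates the risk class the overview describes; not a quote of the skill.
    """
    return f"sessions_spawn --ticket-file {root}/{ticket_id}.md"


def build_spawn_command(ticket_id: str, worker_label: str,
                        root: Path = TICKETS_ROOT) -> list[str]:
    """Hardened form: an argv list, so one argument can never become two or
    carry shell syntax; the worker label stays a single argument even with spaces."""
    path = ticket_path(ticket_id, root)
    return ["sessions_spawn", "--label", worker_label, "--ticket-file", str(path)]


def build_send_payload(ticket_id: str, text: str) -> str:
    """Serialize the sessions_send message as JSON so ticket text cannot break
    out of the envelope; quotes, newlines and braces are escaped by json.dumps."""
    return json.dumps({"ticket": validate_ticket_id(ticket_id), "text": text},
                      ensure_ascii=False)


def render_for_review(argv: list[str]) -> str:
    """Quote each argument for the human review step the overview recommends."""
    return " ".join(shlex.quote(arg) for arg in argv)


if __name__ == "__main__":
    hostile = "FIS-1; echo pwned"  # constructed hostile ticket id
    print("naive:   ", naive_spawn_command(hostile))  # shell syntax survives intact
    print("hardened:", render_for_review(build_spawn_command("FIS-1", "worker 1")))
    print("send:    ", build_send_payload("FIS-1", 'status: "blocked"\nnext: retry'))
    try:
        build_spawn_command(hostile, "worker 1")
    except TicketValidationError as exc:
        print("rejected:", exc)
```

Run it directly to see the naive string carry the injected `; echo pwned` through unchanged while the hardened builder rejects the same input before any command is formed; the rendered argv is what a reviewer should be shown before the coordinator executes it.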

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Natural-Language Policy Violations

Severity: Medium
Confidence: 92%
Finding
The coordinator emits a hard-coded instruction telling the worker to acknowledge with the Chinese phrase "收到任务,开始执行" ("task received, starting execution") regardless of user preference or worker context. This can improperly constrain agent output and create policy or usability issues, and in a multi-agent orchestration skill it may cause unintended behavior if downstream systems assume the language choice is user-driven or locale-aware.

VirusTotal

57/57 vendors flagged this skill as clean.
