Pa Status

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed PA status-reporting skill with limited local file reading and optional scoped WhatsApp reachability pings, but its health logic should be tightened before relying on it operationally.

Install only if you intend to maintain a PA network dashboard from a local directory. Secure data/pa-directory.json, require admin confirmation before WhatsApp pings, confirm PAs have consented to reachability checks, and update the script so last_seen and calendar_connected affect the health result before using it for operations.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Intent-Code Divergence

Medium, 95% confidence
Finding
The skill documents health checks for `last_seen` and `calendar_connected`, but the script does not enforce those conditions when determining health. This creates a false sense of coverage: administrators may believe stale or disconnected PAs are healthy, leading to missed outages or operational blind spots.

Description-Behavior Mismatch

Medium, 91% confidence
Finding
The skill description promises activity, billing, and calendar verification, but the implemented health logic only checks status and billing. This mismatch can cause operators to rely on incomplete monitoring output, potentially missing degraded service conditions that the skill claims to detect.

Context-Inappropriate Capability

Medium, 84% confidence
Finding
The skill's primary purpose is a read-only status dashboard from a local JSON file, yet it also instructs the agent to send outbound WhatsApp messages. That expands the skill from passive reporting into active messaging, which can create unintended external side effects, spam/noise, and a path for unnecessary contact with users or systems based on potentially incorrect issue classification.

Vague Triggers

Medium, 80% confidence
Finding
The trigger phrase "what's the status?" is broad and likely to appear in ordinary conversation, increasing the chance that the skill runs unintentionally. In an agent environment, overly generic triggers can cause misfires, unexpected data access, or execution of associated follow-on actions without clear user intent.

VirusTotal

63/63 vendors flagged this skill as clean.
