
Security audit

Agent Budget Governance

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be local and non-exfiltrating, but it overstates its enforcement abilities and can persistently rewrite multi-agent budget governance state without adequate controls.

Review this before installing it in a real multi-agent environment. Treat it as an advisory local budget-file auditor, not as proven spawn-privilege enforcement. Back up BUDGET.json files, verify your schema and timezone assumptions, and do not schedule it automatically until you have a real dry run, a rollback plan, and confirmed enforcement for privilege revocation.
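The dry run, backup and rollback the advice above asks for can be put in front of the skill rather than trusted to it. The following is an added example for this audit page, not code from the Agent Budget Governance skill: the BUDGET.json field names in REQUIRED_FIELDS, the "revoke spawn privilege when overspent" rule, and the demo file contents are all assumptions made for illustration, since the page does not show the skill's real schema or rules. The wrapper validates the file before touching it, previews the diff without writing, writes only after a timestamped backup and via an atomic rename, rejects naive timestamps so the timezone assumption is explicit, and can restore the backup.

```python
"""Dry-run, backup and rollback wrapper around edits to a per-agent BUDGET.json.

Added example for this audit page; it is not code from the Agent Budget
Governance skill. REQUIRED_FIELDS and the demotion rule are assumptions
made for illustration; the skill's real format is not shown on the page.
"""
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from typing import Optional

# Assumed per-agent schema (illustrative field names, not the skill's own).
REQUIRED_FIELDS = {"agent_id": str, "budget": (int, float),
                   "spent": (int, float), "can_spawn": bool}


class BudgetFileError(ValueError):
    """Raised when a budget file or timestamp does not meet the assumed contract."""


def validate_budget(doc) -> dict:
    """Fail closed: refuse to touch a file whose shape or values are unexpected."""
    if not isinstance(doc, dict):
        raise BudgetFileError("budget file must be a JSON object")
    for field, typ in REQUIRED_FIELDS.items():
        if field not in doc:
            raise BudgetFileError(f"missing field: {field}")
        value = doc[field]
        # bool is a subclass of int, so reject true/false where a number is expected
        if typ is not bool and isinstance(value, bool):
            raise BudgetFileError(f"{field} must be numeric, not bool")
        if not isinstance(value, typ):
            raise BudgetFileError(f"{field} has wrong type")
    if doc["budget"] < 0 or doc["spent"] < 0:
        raise BudgetFileError("budget and spent must be non-negative")
    return doc


def propose_demotion(doc: dict, now: datetime) -> dict:
    """Assumed governance rule: revoke spawn privilege once an agent has overspent.
    Nothing is written here; the caller decides whether to apply the result."""
    if now.tzinfo is None:
        # A naive timestamp silently inherits the host's local zone; insist on an explicit one.
        raise BudgetFileError("timestamp must be timezone-aware")
    proposed = dict(doc)
    if doc["spent"] > doc["budget"] and doc["can_spawn"]:
        proposed["can_spawn"] = False
        proposed["demoted_at"] = now.astimezone(timezone.utc).isoformat()
    return proposed


def diff(old: dict, new: dict) -> dict:
    """Field-level diff as {field: (before, after)}; empty when nothing would change."""
    keys = sorted(set(old) | set(new))
    return {k: (old.get(k), new.get(k)) for k in keys if old.get(k) != new.get(k)}


def atomic_write(path: Path, doc: dict) -> None:
    """Write a temp file in the same directory, fsync it, then rename over the target,
    so concurrent readers see either the old file or the new one, never a partial one."""
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=path.name, suffix=".tmp")
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(doc, f, indent=2, sort_keys=True)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)


def backup_path(path: Path, now: datetime) -> Path:
    stamp = now.astimezone(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    return path.with_name(f"{path.name}.{stamp}.bak")


def apply_governance(path: Path, now: datetime, dry_run: bool = True) -> dict:
    """Return the proposed diff. Write only when dry_run=False and something changes,
    and then only after taking a timestamped backup."""
    doc = validate_budget(json.loads(path.read_text(encoding="utf-8")))
    proposed = propose_demotion(doc, now)
    changes = diff(doc, proposed)
    if dry_run or not changes:
        return changes
    shutil.copy2(path, backup_path(path, now))
    atomic_write(path, proposed)
    return changes


def rollback(path: Path, backup: Path) -> dict:
    """Restore a validated backup over the live file and return the restored document."""
    doc = validate_budget(json.loads(backup.read_text(encoding="utf-8")))
    atomic_write(path, doc)
    return doc


def demo(workdir: Optional[Path] = None) -> dict:
    """Run preview -> apply -> rollback on a constructed sample file and report what happened."""
    workdir = workdir or Path(tempfile.mkdtemp(prefix="budget-demo-"))
    path = workdir / "BUDGET.json"
    # Constructed sample input: an agent that has overspent but still holds spawn privilege.
    path.write_text(json.dumps({"agent_id": "worker-7", "budget": 100,
                                "spent": 130, "can_spawn": True}), encoding="utf-8")
    now = datetime(2025, 1, 2, 3, 4, 5, tzinfo=timezone.utc)
    result = {"preview": apply_governance(path, now, dry_run=True)}
    result["untouched_after_preview"] = json.loads(path.read_text())["can_spawn"]
    result["applied"] = apply_governance(path, now, dry_run=False)
    result["after"] = json.loads(path.read_text())
    result["second_run_is_noop"] = apply_governance(path, now, dry_run=False) == {}
    try:
        apply_governance(path, datetime(2025, 1, 2, 3, 4, 5))  # naive timestamp, must be refused
        result["naive_rejected"] = False
    except BudgetFileError:
        result["naive_rejected"] = True
    result["restored"] = rollback(path, backup_path(path, now))
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the file prints the preview diff, the state after the real write, and the restored document; the dry run is the default, so a scheduler that forgets the flag cannot mutate anything. Whether the demoted `can_spawn` value is honoured by anything is exactly the enforcement question the findings below raise, and this wrapper does not answer it.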

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill advertises local file operations in its metadata but does not declare permissions in a way that clearly exposes those capabilities to users or policy systems. Undeclared read/write access is dangerous here because the skill is explicitly designed to modify per-agent budget files and governance logs, which can change agent behavior and operational controls without a clear consent boundary.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The documentation claims governance features such as mesh privilege revocation and trust-based demotion, but the described implementation appears limited to local budget-file mutation and status tracking. The mismatch is dangerous because operators may rely on the skill for enforcement that never actually happens, creating a false sense of security while overspending or privilege abuse remains unmitigated.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The skill documentation describes modifying budget state and revoking agent privileges without an explicit warning that these are system-affecting operations. In a multi-agent environment, silently changing governance files or spawn permissions can disrupt workflows, lock out agents, or lead operators to run the skill without understanding the operational consequences.

VirusTotal

65/65 vendors reported this skill as clean.

Static analysis

No suspicious patterns detected. Note that a clean antivirus verdict and a clean static scan address malware and known-bad patterns only; they say nothing about the gap between documented and actual enforcement described in the findings above.