Agent-manager-for-AI-planner

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent AI orchestration service, but its multi-tenant access controls and callback allowlist behavior are under-scoped for the sensitive run data and mutation endpoints it exposes.

Install only after reviewing deployment settings. For shared or network-exposed use, require strong run tokens, add owner checks before exposing run ids, keep tool registration disabled unless needed, avoid OUTBOUND_ALLOW_ALL, and verify callback destinations are restricted by the intended allowlist.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 98% confidence
Finding: This test enforces a repository-wide English-only policy by failing when any CJK characters appear in README.md, src, or tests. In a skill or agent ecosystem, this creates an exclusionary content gate that can block multilingual documentation, localized tests, or legitimate non-English text, and it can be misused to suppress internationalization or contributions from non-English speakers.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal