Back to skill

Security audit

Settlement Witness

Security checks across malware telemetry and agentic risk

Overview

This skill is a local receipt verifier with disclosed optional network use and no evidence of hidden access, persistence, or data exfiltration.

Install only if you intend to verify SAR receipts. Keep local verification offline for sensitive outputs, use remote receipt issuance only with data you are comfortable sending to defaultverifier.com, and set SAR_KEYS_REGISTRY_PATH only to a registry you deliberately trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Low
Confidence
87% confidence
Finding
The script’s stated security model is local-first verification using a bundled key registry, but `SAR_KEYS_REGISTRY_PATH` allows the trust store to be silently replaced at runtime. If an attacker can influence the environment or invocation context, they can point verification at an attacker-controlled registry and make forged receipts appear valid under attacker-chosen keys.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.