Niftyagents

Security checks across malware telemetry and agentic risk

Overview

The core SVG signing tool appears legitimate, but it needs review because it gives risky access-token advice and misdescribes plaintext demo key storage as encrypted.

Review before using this for real assets or access control. The core signing and verification functions look purpose-aligned, but do not use the demo vault for valuable keys, and do not treat SVG ownership as sufficient authorization for APIs, compute, credits, or paid resources unless you add scoped credentials, short lifetimes, revocation, replay protection, audit logging, and explicit user control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill declares no required environment permissions, yet the analyzed capability set indicates shell and environment access. This mismatch can cause host applications to grant or invoke more powerful behavior than users expect, undermining least-privilege controls and making it easier for hidden file, process, or secret-access behavior to occur without informed consent.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The documented purpose is a cryptographic SVG protocol, but the code reportedly also runs a web server, performs filesystem I/O, stores secret keys locally, and generates artifacts on disk. That behavior expansion is security-relevant because it introduces network exposure, persistence of sensitive material, and local side effects that a user would not reasonably infer from the description, increasing the chance of unsafe deployment and secret leakage.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The README explicitly promotes transferable SVGs as cryptographic access keys for private APIs or GPU clusters without clear guidance on scope limitation, revocation, replay resistance, or the danger of embedding secrets in portable artifacts. In this skill's context, autonomous agents may treat the pattern as an implementation recommendation, which could lead to bearer-style credentials being shared or resold and then abused for unauthorized access.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: This code persists a private signing key to disk in plaintext JSON (base64 is only encoding, not encryption). If the local filesystem, backups, logs, container volume, or developer workstation are exposed, an attacker can recover the key and impersonate the agent or forge signatures for asset operations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal