Security audit

Aegis Bridge

Security checks across malware telemetry and agentic risk

Overview

The skill is a real local agent-orchestration helper, but it gives delegated coding sessions broad authority and includes examples that automatically approve security prompts.

Install only if you trust the local Aegis bridge and the package resolved by npx. Prefer project-scoped MCP setup, inspect configuration changes before applying them, and do not use the provided auto-approval heartbeat as-is unless the repository and commands are tightly controlled. Review every permission and bash approval, avoid sending secrets through prompts or transcripts, and regularly clean up sessions and shared memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly instructs the operator to run shell commands (`curl`, `bash`, loops, session cleanup) and exposes a shell-capable workflow, but it does not declare permissions or safety boundaries for that capability. This increases the chance that the skill is invoked in contexts where users or agents do not realize it can perform system-impacting actions, including process control and command execution through the bridge.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The description frames the skill as session orchestration, but the content also references MCP setup and external scripts that may inspect or modify Claude/MCP configuration and register services. That broader behavior materially expands trust and persistence impact because it can alter local agent configuration beyond a single orchestration task.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger phrases include broad terms such as 'aegis', 'spawn session', and 'parallel agents', which can match ordinary user requests and cause unintended activation of a high-impact orchestration skill. Because this skill can create sessions, send prompts, and drive approvals, accidental invocation meaningfully raises risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill tells operators to approve permission prompts and bash approvals as part of normal workflow, but it does not prominently warn that these actions may execute arbitrary commands or grant trust to folders/tools. In an orchestration context, normalizing approval behavior can lead to unsafe authorization of destructive or privacy-impacting actions from downstream sessions.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documented `/v1/sessions/:id/bash` endpoint enables arbitrary shell command execution within managed sessions, which is inherently dangerous in an agent orchestration skill. In this context, exposing command execution without prominent safety guidance increases the risk that downstream agents or users invoke destructive commands, leading to code tampering, data loss, or secret exposure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The template automatically approves both permission prompts and plan prompts with no human verification, which defeats the safety gate those prompts are meant to provide. In this skill's context—supervising coding agents that may execute commands or change repositories—auto-approval can allow unintended or unsafe actions to proceed without review.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The example explicitly instructs users to auto-approve permission prompts, which weakens an important safety control intended to gate potentially dangerous actions. In a skill that orchestrates autonomous coding sessions and multi-agent workflows, normalizing blanket approval can allow file changes, command execution, or other privileged operations to proceed without human review.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.