SignPath

Security checks across malware telemetry and agentic risk

Overview

The skill is for SignPath and mostly fits that purpose, but it under-describes a security-sensitive signing action as if the skill were mainly for reading data.

Review before installing. Use it only if you intend the agent to operate a SignPath account through OOMOL, including submitting hash-signing requests. Require explicit confirmation of the exact payload, target policy/project, and expected signing effect before `fast_sign_hash` is run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The manifest and description claim the skill is for 'searching and reading data', but the documented actions include `fast_sign_hash`, which submits a signing request and changes remote state. This mismatch can mislead an agent or user into treating the skill as read-only and executing a write-capable action without the higher scrutiny and confirmation such actions require.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding:
The safety section says read actions are safe to run directly, but the overall skill framing describes it as only for searching/reading while the skill actually exposes a write-capable signing action. In context, this inconsistent safety framing increases the chance that an agent will over-trust the skill and mishandle action selection or confirmation boundaries.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The action documentation explicitly enables a state-changing signing operation and promises to return a signature immediately, while the skill metadata says the skill should only be used for 'searching and reading data.' This mismatch can mislead an agent or reviewer into granting broader trust than warranted, resulting in unauthorized signing requests, misuse of signing credentials, or execution of high-risk operations under a read-only expectation.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The instruction to use this skill for ANY SignPath request is overly broad and encourages unconditional delegation to the skill regardless of task sensitivity or action type. Because the skill includes a state-changing signing operation, this broad routing language can steer agents into using a more privileged path than necessary without evaluating safer alternatives or confirming intent.

VirusTotal

64/64 vendors flagged this skill as clean.