AG9
Security checks across malware telemetry and agentic risk
Overview
AG9 is a disclosed identity-verification skill that handles local agent keys and AG9 API calls in ways that match its stated purpose.
Install this only if you want AG9 identity registration or reverse-CAPTCHA verification. Protect ~/.ag9/identity.json and any AG9 private-key environment variables, confirm that only public key material, signatures, messages, timestamps, tokens, and challenge solutions are sent to AG9, and click the VeryAI registration link only if you are comfortable with palm-based human verification.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
2/61 vendors flagged this skill as malicious, and 59/61 flagged it as clean.
