Security audit

Verfi

Security checks across malware telemetry and agentic risk

Overview

The skill matches its consent-verification purpose, but it documents broad tracking, cross-tenant session lookup, and consent-record mutation that users should review carefully.

Before installing, confirm Verfi's legal basis, privacy notices, data-processing terms, and tenant authorization model. Use the SDK only on intended consent forms, keep secret keys server-side with minimum scopes, avoid automatic bulk claim or unclaim actions without confirmation, and review the MCP package before giving it an API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium (95% confidence)

Finding: The documented `GET /sessions/{verfiID}` endpoint explicitly allows cross-tenant lookup of any session, which breaks normal tenant-isolation expectations for a consent-management system. Even if limited by scope and optional hashed email/phone verification, exposing session existence, tenant identifiers, timestamps, and verification metadata across tenants enables unauthorized enumeration and privacy-sensitive data access.

Missing User Warnings

Medium (94% confidence)

Finding: The skill explicitly states that the SDK auto-records mouse movements, clicks, keystrokes, and scroll activity, but does not include a clear user-facing disclosure, consent requirement, or data-minimization guidance. In a consent-verification context, silently collecting broad behavioral telemetry can itself create privacy, wiretapping, and compliance risk, especially if keystrokes or interaction data capture sensitive information.

Missing User Warnings

Medium (93% confidence)

Finding: The API reference combines cross-tenant session lookup with proof-retrieval capabilities that expose rich behavioral and device-derived data, including user agent, page URL, referrer, interaction metrics, and hashed identifiers. Although some PII is hashed, this is still sensitive consent-proof data, and the documentation does not describe safeguards, minimization, or privacy boundaries, making misuse and overcollection risks substantial.

Missing User Warnings

Medium (92% confidence)

Finding: The documentation instructs integrators to deploy an SDK that records extensive behavioral telemetry, form interactions, device metadata, and hashed PII, but it does not clearly warn that this level of collection may require prominent disclosure and legally valid user consent before activation. In a compliance-focused lead-generation context, omitting that warning can cause downstream users to deploy privacy-invasive tracking by default, creating regulatory, contractual, and reputational risk.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.