Age Verification

Security checks across malware telemetry and agentic risk

Overview

The skill is a small, disclosed age-verification guide, but real deployments should handle identity and face data carefully.

Before installing or building on this skill, inspect the referenced npm package, pin a trusted version, and ensure any real age-verification flow uses clear consent, minimal data collection, secure storage and transport, short retention, deletion procedures, and vetted third-party providers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly supports document verification, face-based age estimation, and third-party identity checks, but the description does not warn users that highly sensitive identity documents and biometric data may be collected, processed, or shared. In an age-verification context this omission is meaningful because users may provide passports, IDs, or facial data without understanding privacy, consent, retention, or third-party processing implications.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal