
Security audit

Artifact Signing

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform the disclosed local artifact-signing task, but users must handle private keys carefully and should not treat it as certificate-backed signing.

Install only if you intend to let an agent sign local artifacts. Use a limited-purpose signing key, prefer encrypted or hardware-backed key storage, verify exact input and output paths before signing, and do not rely on this skill for certificate-chain identity guarantees unless certificate support is added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill documentation describes behavior that executes shell commands but declares no permissions, which is a transparency and governance gap. In agent environments, an undeclared shell capability can run local scripts against sensitive files such as private keys without oversight, which makes misuse harder to detect.

Tp4

High
Category
MCP Tool Poisoning
Confidence
72% confidence
Finding
The documented purpose says the skill signs artifacts using a digital certificate and private key, but the described behavior indicates it also performs other cryptographic actions and does not actually require or use a certificate. This mismatch can mislead operators about trust guarantees, causing them to assume certificate-backed identity validation when the tool may only produce raw key-based signatures.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example code explicitly serializes the private key with `NoEncryption()` and writes it to `private_key.pem`, creating an unencrypted private key on disk. In a signing skill, that key is highly sensitive: if the file is copied, leaked, or left on a shared system, an attacker can sign arbitrary artifacts and undermine trust in produced signatures.
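The following is an added example, not the audited skill's code, showing the hardened counterpart to the pattern this finding and the Overview describe: the `NoEncryption()` write beside a passphrase-encrypted, owner-only key file; the path check the Overview asks for before signing; and a raw Ed25519 sign/verify that illustrates the certificate finding above, since verification only proves possession of a key and the verifier has to obtain that public key from a trusted source. It uses the `cryptography` package; the Ed25519 choice, the file names, the passphrase and the artifact bytes are assumptions constructed for the example.

```python
# Added example with the `cryptography` package; not the skill's own code.
# Assumed: Ed25519 keys, PEM files under one working directory, and an
# operator-supplied passphrase (constructed here as a constant).
import os
import tempfile
from pathlib import Path
from typing import Optional

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ed25519

ENCRYPTED_HEADER = b"-----BEGIN ENCRYPTED PRIVATE KEY-----"
PUBLIC_FORMAT = (serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)


def write_key_unencrypted(key: ed25519.Ed25519PrivateKey, path: Path) -> None:
    # The pattern the finding objects to: NoEncryption() means anyone who can
    # read the file can sign as this key.
    path.write_bytes(key.private_bytes(serialization.Encoding.PEM,
                                       serialization.PrivateFormat.PKCS8,
                                       serialization.NoEncryption()))


def write_key_encrypted(key: ed25519.Ed25519PrivateKey, path: Path, passphrase: bytes) -> None:
    # Hardened form: PKCS#8 encrypted under a passphrase, file created mode 0600.
    pem = key.private_bytes(serialization.Encoding.PEM,
                            serialization.PrivateFormat.PKCS8,
                            serialization.BestAvailableEncryption(passphrase))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(pem)


def key_file_is_encrypted(path: Path) -> bool:
    # Preflight check before an agent is allowed to use a key file.
    return ENCRYPTED_HEADER in path.read_bytes()


def resolve_inside(base: Path, candidate: str) -> Path:
    # "Verify exact input and output paths": resolve symlinks and `..`, then
    # refuse anything that lands outside the working directory.
    base = base.resolve()
    target = (base / candidate).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise ValueError(f"{candidate!r} escapes {base}") from None
    return target


def sign_artifact(key_path: Path, passphrase: bytes, artifact: Path) -> bytes:
    key = serialization.load_pem_private_key(key_path.read_bytes(), password=passphrase)
    return key.sign(artifact.read_bytes())


def verify_artifact(public_pem: bytes, artifact: Path, signature: bytes) -> bool:
    # A raw-key signature proves possession of the matching private key and
    # nothing more: public_pem must come from a trusted source, not from the
    # signer, because no certificate binds it to an identity.
    public_key = serialization.load_pem_public_key(public_pem)
    try:
        public_key.verify(signature, artifact.read_bytes())
        return True
    except InvalidSignature:
        return False


def demo(workdir: Optional[Path] = None) -> dict:
    base = Path(workdir or tempfile.mkdtemp())
    passphrase = b"operator-supplied-passphrase"  # constructed for the example
    key = ed25519.Ed25519PrivateKey.generate()
    write_key_unencrypted(key, base / "private_key.pem")  # what the skill does
    write_key_encrypted(key, base / "signing_key.pem", passphrase)

    artifact = resolve_inside(base, "release.tar")
    artifact.write_bytes(b"constructed artifact bytes")  # sample input
    tampered = resolve_inside(base, "release-tampered.tar")
    tampered.write_bytes(b"constructed artifact bytes!")
    signature = sign_artifact(base / "signing_key.pem", passphrase, artifact)
    public_pem = key.public_key().public_bytes(*PUBLIC_FORMAT)
    other_pem = ed25519.Ed25519PrivateKey.generate().public_key().public_bytes(*PUBLIC_FORMAT)

    try:
        resolve_inside(base, "../outside.tar")
        escape_rejected = False
    except ValueError:
        escape_rejected = True
    try:
        sign_artifact(base / "signing_key.pem", b"wrong-passphrase", artifact)
        wrong_passphrase_rejected = False
    except (ValueError, TypeError):
        wrong_passphrase_rejected = True

    return {
        "plain_key_is_encrypted": key_file_is_encrypted(base / "private_key.pem"),
        "hardened_key_is_encrypted": key_file_is_encrypted(base / "signing_key.pem"),
        "valid": verify_artifact(public_pem, artifact, signature),
        "tampered": verify_artifact(public_pem, tampered, signature),
        "wrong_key": verify_artifact(other_pem, artifact, signature),
        "escape_rejected": escape_rejected,
        "wrong_passphrase_rejected": wrong_passphrase_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` leaves two key files in a scratch directory: `private_key.pem` fails the `key_file_is_encrypted` preflight and `signing_key.pem` passes it, while the signature verifies only against the matching public key and only over the unmodified artifact. Nothing in that result speaks to who holds the key, which is the gap the certificate finding describes.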

VirusTotal

All 66 VirusTotal vendors reported this skill as clean (0/66 detections).
