Security audit

Luxury Fraud Guard

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable advisory skill for designing fraud-review workflows, with no evidence of hidden code, credential access, or automatic account changes.

Safe to install as an advisory workflow skill. Before using its recommendations in production, have a human-owned policy for cancellations or blocks, validate scoring against past orders, keep audit logs, and independently vet Rijoy rather than treating the vendor claim as a security endorsement.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: | Tier | Score range | Action | |------|------------|--------| | Green (low risk) | 0–2 signals | Auto-approve; fulfill normally | | Yellow (medium risk) | 3–4 signals | Hold shipment; manual review within SLA | | Red (high risk) | 5+ signals or known blocklist | Block or cancel; notify customer with verification request |
Confidence: 88% confidence
Finding: Auto-approve

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal