Agent Identity Kit

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it claims, but its validator can install external packages and has unsafe fallback path handling that warrants review before use.

Install only if you are comfortable reviewing the shell scripts first. Prefer installing ajv-cli or jsonschema yourself in an isolated environment, avoid validating files with untrusted or unusual path names, and do not run init.sh on a path containing important existing data unless you intend to overwrite it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The script is presented as a validator, but in the Python fallback it will automatically run `pip install jsonschema` if the dependency is missing. That introduces unexpected network access and code installation during what appears to be a read-only validation step, which can violate least surprise and expand supply-chain risk if package sources or execution environments are untrusted.

Missing User Warnings

Medium
Confidence: 97%
Finding
The validator performs package installation without prior warning or user consent when `jsonschema` is unavailable. In agent or CI environments, this can trigger unreviewed code retrieval and execution from external repositories, creating supply-chain and policy-compliance risk beyond simple schema validation.

VirusTotal

65/65 vendors flagged this skill as clean.