Back to skill

Security audit

Agentlink Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud sandbox automation tool, but it asks agents to use broad browser, desktop, code-execution, and raw tool-call authority with limited user-control guidance.

Install only if you intend to route browsing, website login/form actions, code execution, and Windows desktop automation through China Mobile AgentLink's cloud sandbox. Require explicit user approval before entering credentials, uploading files, installing packages, deleting files, killing processes, editing the registry, or using direct MCP tool calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs agents to proactively invoke it for broad, common categories like browsing, code execution, file operations, and desktop control, without meaningful scoping or approval requirements. That increases the chance of unnecessary delegation to a high-privilege remote sandbox, which can expand attack surface, enable unintended execution, and bypass safer local or lower-privilege handling paths.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises capabilities including JS execution, shell commands, PowerShell/Python execution, file operations, process management, and later even registry manipulation, but provides no built-in warning, consent, or confirmation guidance for risky actions. In an agent setting, documenting powerful actions without safety interlocks can normalize unsafe execution patterns and lead to destructive or privacy-impacting operations being performed automatically.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The project description advertises broad high-risk capabilities including browser automation, Windows desktop control, and code execution, but it does not state meaningful activation constraints, authorization requirements, or safety boundaries. In the context of an agent skill, this can encourage overly permissive invocation and expand the chance of unsafe use such as unsolicited browsing, system interaction, or execution of untrusted commands.

MCP Config Access

High
Category
Agent Snooping
Content
for tool in result.data:
    print(tool["name"], "-", tool.get("description", ""))

# List all MCP tools in the Windows sandbox
result = al.list_tools(IMAGE_WINDOWS)

# Call any MCP tool directly (sandboxId auto-injected)
Confidence
90% confidence
Finding
List all MCP tools

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.