Security audit

Shinewilzhang Veadk Skills

Security checks across malware telemetry and agentic risk

Overview

This VeADK helper generates or converts agent code and openly saves the resulting local files; the main risk is accidental overwrite from its simple save script.

Install this only if you want a helper that writes generated VeADK agent code locally. Run it in a dedicated project workspace, review exact target paths before saving, and inspect generated code before executing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill instructs the agent to invoke `python save_file.py --path ... --content ...` to write generated code to an arbitrary path, but no permissions are declared to signal or constrain filesystem access. This creates a real capability/permission mismatch: the agent may perform local file writes without explicit user awareness, policy gating, or path restrictions, increasing the risk of overwriting files or planting code artifacts.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding
The skill is described as generating/converting VeADK agents, but it also directs the agent to save artifacts to the local filesystem, including creating package files and writing code content. This behavior is more sensitive than the high-level description suggests, so users may invoke the skill expecting advisory help while the agent performs persistent local modifications.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The trigger conditions are broad enough to match ordinary requests about building agents or converting workflows, which raises the chance that the skill activates in situations where the user only wanted discussion, review, or partial assistance. Because the skill can culminate in filesystem writes, overbroad triggering increases the likelihood of unintended code generation and persistence.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill documentation includes writing `__init__.py` and `agent.py` via a save script, but it does not clearly warn the user that local files may be created or overwritten. This lack of transparency is dangerous because generated code is persistent and may replace existing project files or introduce unsafe code without an explicit save confirmation.

VirusTotal

55/55 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.