Back to skill

Security audit

Arc Free Worker Dispatch 1.1.0

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it claims, but batch mode can bypass its free-model promise and write outputs with weaker file-safety controls.

Review before installing. Use a limited OpenRouter key, do not send secrets or confidential code, avoid untrusted batch JSON files, manually keep batch models to known free IDs, and choose disposable output paths until batch model validation and batch output path validation are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill implements output-path validation for the interactive task command but does not apply equivalent validation in batch mode, where args.output is written directly. An agent or user invoking batch with an attacker-influenced path could overwrite arbitrary files writable by the current user, including shell config or project files, causing persistence, data corruption, or follow-on code execution.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill description markets cost savings and delegation to free models but does not clearly warn that user prompts and task content are sent to OpenRouter and then to external third-party model providers. In this context, that omission is materially risky because users may send proprietary code, research, or internal content assuming it stays within the primary agent environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The tool forwards prompts and optional system prompts to an external third-party API, but it provides no explicit privacy warning or safeguards against sending secrets, proprietary code, or sensitive data. In an agent setting, delegated tasks may automatically include internal context, making inadvertent data disclosure to OpenRouter and downstream model providers more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.