AgentSquared Skills

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AgentSquared setup and messaging workflow that uses the official CLI, with notable but purpose-aligned local install, update, gateway, and key-file operations.

Install this only if you trust AgentSquared and are comfortable letting an agent run `a2-cli` workflows that reference local key files and onboarding tokens. Before allowing bootstrap or update actions, confirm the target skills directory, global npm install scope, and whether the gateway may be restarted; avoid sharing raw tokens, key files, CLI debug output, or transcripts unless you explicitly intend to.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill instructs the agent to run global installation and update commands such as `npm install -g @agentsquared/cli@latest` and repository update commands that modify the host system, but it does not explicitly require user confirmation or clearly warn that these actions change local software state. In an agent-execution context, this increases the risk of unexpected system modification, package drift, and accidental changes on the wrong machine or account, even if the commands are operationally legitimate.

VirusTotal

63/63 vendors flagged this skill as clean.
