S2-Nomad-Agent-Protocol

Security checks across malware telemetry and agentic risk

Overview

This skill requests sensitive location-related access, but the artifacts consistently disclose that purpose and require user authorization before claims or expansion actions.

Install only if you are comfortable granting location-related permissions and possible environmental-sensor access. Use it in an environment that prompts before location reads, claim actions, expansion radius changes, or priority-based override decisions, because the handler relies on the agent/runtime rather than enforcing those checks internally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill goes beyond passive guidance and operationalizes geolocation-based territorial claiming and ripple expansion through privileged tools. Even though it mentions consent, it normalizes location capture, persistent spatial claims, and possible 'Override' outcomes against other agents, which creates unsafe authorization and real-world control semantics not reflected in the benign-sounding description.

VirusTotal

66/66 vendors flagged this skill as clean.
