S2 Spatial Element Layer & 4D Semantic Tensor Map

Security checks across malware telemetry and agentic risk

Overview

This looks local-only rather than malicious, but it needs review because it gives safety-sensitive robot-navigation guidance while overstating its time-validation safeguards.

Install only if you treat this as an experimental/local spatial-mapping aid. Do not rely on its Chronos or hazard directives for real robot control without adding timestamp validation, input allowlisting, and controlled-environment testing first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3 (Medium)
Category: MCP Least Privilege
Confidence: 86%
Finding:
The skill text contains imperative instructions to retrieve data from `s2_material_tensor_library`, which implies file-read capability despite declaring no permissions. Hidden or undeclared read behavior undermines review, consent, and sandboxing expectations, and in an agent setting can become a path to unauthorized local data access or prompt-driven exfiltration if the library path or source is broader than intended.

Tp4 (High)
Category: MCP Tool Poisoning
Confidence: 80%
Finding:
The skill's declared purpose materially differs from its apparent operational behavior, including producing robot intervention or costmap directives while claiming to be a generalized semantic tensor mapping system. This mismatch is dangerous because reviewers and downstream agents may grant trust, permissions, or deployment context based on the description, while the actual behavior can influence physical actions in a robotics/spatial domain without the promised safeguards or full data-model support.

Description-Behavior Mismatch (Medium)
Confidence: 94%
Finding:
The code advertises Chronos time-slice validation but, in practice, only logs non-default timestamps and continues processing without enforcing any temporal constraints. In a robotics or hazard-intervention pipeline, this can cause stale, future-dated, or otherwise invalid semantic hazard data to be treated as current, leading to unsafe robot decisions based on incorrect world state.

VirusTotal

65/65 vendors flagged this skill as clean.
