Back to skill

Security audit

S2-SWM Swarm Sync Protocol(群体同步与路权博弈引擎)

Security checks across malware telemetry and agentic risk

Overview

This skill matches its swarm-coordination purpose, but it claims PKI-backed security while the executable only checks a hard-coded signature before enabling sensitive robot coordination decisions.

Review carefully before installing, especially for any real robot, drone, vehicle, or safety-sensitive environment. Treat the current authentication as a demonstration placeholder, not production security; require real mutual authentication, signed messages, replay protection, encrypted channels, explicit authorization, and clear privacy controls before deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill metadata claims secure inter-agent interaction via cryptographic authentication, but the whitepaper instead specifies broad coordination behaviors such as federated perception, right-of-way arbitration, and physical collaboration. This scope mismatch is dangerous because operators may rely on the skill for security guarantees it does not actually provide, enabling unsafe trust decisions in a physical multi-agent environment.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document describes a 'handshake' as silent coordinate broadcasting and overlap detection, but provides no cryptographic authentication, freshness checks, or anti-spoofing protections. In a swarm or robotics context, an unauthenticated handshake can let a malicious or rogue agent impersonate peers, inject false presence data, and influence right-of-way or coordination decisions in the physical world.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The protocol instructs agents to silently broadcast precise location and share sensor/tensor data P2P without notice, consent, minimization, or transmission safeguards. In this context, that creates both privacy and security exposure: sensitive physical location, environmental sensing, and inferred scene data could be intercepted, misused, or overshared to unauthorized agents, amplifying surveillance and attack surface.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.