Back to skill

Security audit

Sanctuary

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill describes a coherent identity and encrypted backup workflow, with sensitive persistence disclosed as part of its purpose.

Before installing, review the external Sanctuary repository at the version you plan to run, protect the 12-word recovery phrase, and only back up memory or state you are comfortable keeping in long-lived encrypted external storage. Use testRestore before relying on recovery, and confirm what local files a restore may replace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill promotes backups to Arweave as 'permanent storage' but does not give an explicit user-facing warning that uploads are effectively irreversible once submitted. This matters because agents or operators may send sensitive or mistaken state snapshots assuming they can later delete them, when the storage model is intentionally durable and deletion-resistant.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The restore command describes full disaster recovery but does not clearly warn that restoring can overwrite or replace current local state. An operator could unintentionally destroy newer local data or merge in stale state under the assumption that restore is non-destructive, especially since the adjacent testRestore command implies a safer alternative without clarifying the risk of restore itself.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.