Coverify

Security checks across malware telemetry and agentic risk

Overview

This is a local text-analysis skill with some overstated claims and local report retention, but no hidden execution, credential access, network use, or destructive behavior.

Install only if you want a local heuristic verifier for commitment-token drift. Avoid running highly sensitive prompts unless you are comfortable with local report files being written, and treat its classifications as advisory rather than cryptographic or governance-grade proof.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises executable commands that invoke Python and appears to use persistent state directories, which implies shell execution and likely file writes, yet no corresponding permissions are declared. This creates a trust and sandboxing problem: an installer or runtime may treat the skill as low-privilege while it actually performs side-effecting operations, increasing the risk of unexpected filesystem changes or command execution.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The script persistently stores analysis outputs under ~/.openclaw/governance/model_swap_tests, including hashes and extracted kernels derived from user-provided signal text. In a verification tool context, this creates an unexpected local data-retention surface that can expose sensitive prompts, commitments, or semantic extracts to other local users, backups, or later compromise.

Intent-Code Divergence

High
Confidence
93% confidence
Finding
The code labels a result as STRUCTURAL and claims both models leaked the same pattern, but ghost_diff only measures tokens present in the local kernel and absent from the other kernel. This can produce materially false security conclusions, causing analysts to misclassify variance as a shared leak and make incorrect governance or incident decisions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script writes detailed kernels, model metadata, timestamps, and input hashes to a persistent file by default without explicit warning or consent. In this skill's context, those kernels may encode sensitive semantic content from user inputs, so default retention increases privacy risk and creates a local disclosure trail beyond the expected analysis action.

VirusTotal

65/65 vendors flagged this skill as clean.
