Lineage Claws

Security checks across malware telemetry and agentic risk

Overview

This skill does not look like malware, but it overstates local hash checks as signed, cryptographic provenance proof that users may rely on for trust gates.

Review before installing if you plan to use this as a security, legal, governance, or CI trust gate. Treat its output as local integrity metadata only, not as signed attestation, legal custody proof, or independently verified provenance unless those claims are separately validated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

High
Confidence: 98%
Finding
The code claims to emit a 'signed attestation JSON', but it only computes an unkeyed SHA-256 digest over public data and prints it. Anyone can forge a structurally identical attestation and recompute the hash, so consumers may incorrectly treat an unauthenticated statement as cryptographically signed proof, enabling spoofed provenance or trust decisions.

Missing User Warnings

Low
Confidence: 93%
Finding
The verify/status/attest paths dynamically load and execute a sibling archival.py file via importlib without user disclosure or trust validation. If an attacker can modify that local file or influence the package contents, simply running a verification-related command will execute arbitrary Python code, which is especially risky because users would reasonably expect verification commands to be read-only and safe.

VirusTotal

66/66 vendors flagged this skill as clean.
