Moses Postures

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed governance-policy skill that tells agents how to follow operator-selected transaction postures, with no hidden code or automatic enforcement mechanism in the artifact.

Install this only in environments where you want agents to follow the MOSES governance posture file, and make sure the companion moses-governance skill is trusted. Treat OFFENSE and Unrestricted + OFFENSE as high-authority modes that should be enabled only by an operator who understands the transaction risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
The description claims to enforce transaction and execution policies 'across all agents,' which implies global cross-agent policy control without clear opt-in, scoping, or isolation boundaries. In a multi-agent environment, this can let one skill redefine operational constraints for unrelated agents, causing denial of service, unintended policy override, or unsafe trust expansion if agents rely on shared state.

VirusTotal

63/63 vendors flagged this skill as clean.
