Back to skill

Security audit

Moses Roles

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed instruction-only role governance skill, with one documentation clarity issue around an optional secret.

Install only if you want persistent multi-agent role sequencing. Review any AGENTS.md changes before applying them, keep the governance state file under your control, do not set MOSES_OPERATOR_SECRET unless you need local signing, and review the companion moses-governance bundle before relying on its audit script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill documentation states that no secrets or environment variables are required, while the manifest explicitly declares a sensitive variable, MOSES_OPERATOR_SECRET, for an HMAC signing gate. This inconsistency can mislead operators during installation and review, causing them to underestimate the skill's secret-handling surface and miss security controls around secret provisioning and auditing.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
A sensitive environment variable is declared in the skill metadata without a corresponding warning or operational guidance in the user-facing instructions. Even if marked optional and 'never transmitted,' undeclared secret usage increases the risk of accidental exposure, unsafe configuration, or trust in undocumented behavior, especially in a governance-oriented skill that influences agent behavior across responses.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.