Back to skill

Security audit

VeraData — LATAM Compliance API

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed remote compliance API skill with sensitive-data and micropayment considerations, but the behavior is coherent with its stated purpose and no hidden or destructive behavior was found.

Install only if you are comfortable sending sanctions, KYB, registry, or rates queries to VeraData's hosted service and allowing x402 USDC micropayments under your agent's controls. Use trial mode or set explicit approval and budget limits before enabling paid calls or the remote MCP server, and avoid submitting regulated personal or business data unless your organization approves the provider's retention and audit model.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Vague Triggers

Medium
Confidence
73% confidence
Finding
The skill uses very broad invocation language ('use this skill whenever a task involves...'), which can cause agents to route sensitive compliance, KYC/KYB, sanctions, and registry tasks to this external service by default. In this context, overbroad triggering increases the chance of unnecessary third-party data disclosure and autonomous paid actions for tasks that may not require this provider.

External Transmission

Medium
Category
Data Exfiltration
Content
author: teodorofodocrispin-cmyk
  version: "2.3.2"
  base_url: https://api.veradata.dev
  health: https://api.veradata.dev/health
  x402_discovery: https://api.veradata.dev/.well-known/x402
  llms_txt: https://api.veradata.dev/llms.txt
  openapi: https://api.veradata.dev/openapi.json
Confidence
96% confidence
Finding
https://api.veradata.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
version: "2.3.2"
  base_url: https://api.veradata.dev
  health: https://api.veradata.dev/health
  x402_discovery: https://api.veradata.dev/.well-known/x402
  llms_txt: https://api.veradata.dev/llms.txt
  openapi: https://api.veradata.dev/openapi.json
  mcp: https://api.veradata.dev/mcp
Confidence
96% confidence
Finding
https://api.veradata.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
base_url: https://api.veradata.dev
  health: https://api.veradata.dev/health
  x402_discovery: https://api.veradata.dev/.well-known/x402
  llms_txt: https://api.veradata.dev/llms.txt
  openapi: https://api.veradata.dev/openapi.json
  mcp: https://api.veradata.dev/mcp
  payment_networks:
Confidence
96% confidence
Finding
https://api.veradata.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
health: https://api.veradata.dev/health
  x402_discovery: https://api.veradata.dev/.well-known/x402
  llms_txt: https://api.veradata.dev/llms.txt
  openapi: https://api.veradata.dev/openapi.json
  mcp: https://api.veradata.dev/mcp
  payment_networks:
    base: "eip155:8453 — USDC 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
Confidence
95% confidence
Finding
https://api.veradata.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
x402_discovery: https://api.veradata.dev/.well-known/x402
  llms_txt: https://api.veradata.dev/llms.txt
  openapi: https://api.veradata.dev/openapi.json
  mcp: https://api.veradata.dev/mcp
  payment_networks:
    base: "eip155:8453 — USDC 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"
    solana: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp — USDC EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v"
Confidence
95% confidence
Finding
https://api.veradata.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
### 5. Operator Verification

- **GitHub:** https://github.com/teodorofodocrispin-cmyk
- **Health:** https://api.veradata.dev/health
- **x402 discovery:** https://api.veradata.dev/.well-known/x402
- **Contact:** teodorofodocrispin@gmail.com
- **ERC-8299 conformance:** https://github.com/babyblueviper1/preaction-governance-conformance
Confidence
92% confidence
Finding
https://api.veradata.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
- **GitHub:** https://github.com/teodorofodocrispin-cmyk
- **Health:** https://api.veradata.dev/health
- **x402 discovery:** https://api.veradata.dev/.well-known/x402
- **Contact:** teodorofodocrispin@gmail.com
- **ERC-8299 conformance:** https://github.com/babyblueviper1/preaction-governance-conformance
Confidence
92% confidence
Finding
https://api.veradata.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
{
  "mcpServers": {
    "veradata": {
      "url": "https://api.veradata.dev/mcp",
      "transport": "http"
    }
  }
Confidence
97% confidence
Finding
https://api.veradata.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
## Resources

- Health check: https://api.veradata.dev/health
- x402 discovery: https://api.veradata.dev/.well-known/x402
- OpenAPI: https://api.veradata.dev/openapi.json
- llms.txt: https://api.veradata.dev/llms.txt
Confidence
93% confidence
Finding
https://api.veradata.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
## Resources

- Health check: https://api.veradata.dev/health
- x402 discovery: https://api.veradata.dev/.well-known/x402
- OpenAPI: https://api.veradata.dev/openapi.json
- llms.txt: https://api.veradata.dev/llms.txt
- A2A manifest: https://api.veradata.dev/.well-known/a2a-agent.json
Confidence
93% confidence
Finding
https://api.veradata.dev/

External Transmission

Medium
Category
Data Exfiltration
Content
- Health check: https://api.veradata.dev/health
- x402 discovery: https://api.veradata.dev/.well-known/x402
- OpenAPI: https://api.veradata.dev/openapi.json
- llms.txt: https://api.veradata.dev/llms.txt
- A2A manifest: https://api.veradata.dev/.well-known/a2a-agent.json
- GitHub (public): https://github.com/teodorofodocrispin-cmyk/veradata-public
Confidence
93% confidence
Finding
https://api.veradata.dev/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.