Ai Poison Guard

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple local keyword checker, but its documentation overstates source and domain verification abilities.

Install only if you want a lightweight local heuristic scanner for suspicious wording. Do not rely on it for real website reputation, domain age, source verification, or misinformation validation unless those features are implemented and reviewed; avoid installing the optional packages unless you specifically need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill description claims it can verify source credibility and identify potentially false information, but the implementation only does local regex/keyword matching against input text. This mismatch can create false trust in the tool's capabilities, causing users or downstream agents to rely on it for authenticity judgments it does not actually perform.

VirusTotal

66/66 vendors flagged this skill as clean.
