Back to skill

Security audit

Guardian Audit

Security checks across malware telemetry and agentic risk

Overview

This audit skill is not malicious, but it needs review because it stores sensitive operational logs while overstating some integrity and compliance guarantees.

Install only after deciding where logs are stored, who can read them, how long they are retained, and how secrets or personal data will be redacted. Do not rely on this skill alone as proof that every tool call or all agent activity is logged, and run the dedicated verifier before trusting chain integrity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill describes operational capabilities that imply environment access plus file read/write behavior, but it does not declare corresponding permissions. That creates a transparency and policy-enforcement gap: operators may enable the skill without understanding it can access local paths and write persistent audit data, weakening least-privilege controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The declared behavior says the skill is only for logging Guardian safety decisions in explicit safety/compliance contexts, but the document also describes standalone logging, verification, export/report generation, and broader event coverage. This mismatch can cause the skill to be deployed under incorrect trust assumptions, leading to unexpected data collection and broader operational reach than reviewers approved.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The script prints "Verified: PASS" for chain integrity without actually validating the hash chain, which can mislead auditors into trusting tampered logs. In a compliance/audit skill, this is especially dangerous because the tool presents a security assurance claim in a context where users are likely to rely on it for evidentiary integrity.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes logging agent reasoning, operations, approver identity, and related decision metadata, but provides no warning or controls around sensitive-data capture, redaction, retention, or access restriction. In a safety/compliance audit context, these fields can easily contain secrets, personal data, internal paths, or regulated content, turning the audit log into a secondary sensitive-data store.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
Mandating logging with no per-session opt-out, while capturing detailed operational and reasoning data, creates privacy and compliance risk. In some jurisdictions or enterprise environments, unconditional collection without documented consent, notice, retention, or legal basis can expose users and operators to regulatory and data-governance violations.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs logging of agent reasoning, file paths, commands, escalation responses, and other operational details that may contain sensitive data. Centralizing this information in persistent logs increases the blast radius of any log disclosure and can unintentionally capture secrets, personal data, internal topology, or security-sensitive decision context.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.