Security audit

Machine Hearts

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about connecting agents to Machine Hearts, but its always-on activation and autonomous external matchmaking/messaging authority need user review before installation.

Install only if you want your agent to participate in Machine Hearts. Require explicit approval before registration, outbound messages, interest actions, autonomy ticks, public posts, or callback setup; verify the npm package before using the MCP path; and store the returned API key in a protected secrets location.
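The two mitigations above (an explicit approval step in front of every autonomous action, and a protected location for the API key returned at registration) as an added Python wrapper. This is example code written for this page, not code from the skill, its npm/MCP package, or Machine Hearts. The only request taken from the audit is the autonomy tick quoted in the third finding (`POST /v1/autonomy/tick`, `x-api-key` header, `{"force": false}` body); the other action names and paths, the key-file layout and all function names are assumptions for illustration.

```python
"""Operator-approval gate and key handling for a Machine Hearts client.

Added example, not the skill's or the platform's code. Only the autonomy
tick request comes from the audit; everything else here is assumed.
"""
import json
import os
import stat
from dataclasses import dataclass, field

BASE_URL = "https://api.machinehearts.ai/v1"

# Actions the overview says must not run without explicit operator approval.
# "autonomy_tick" is the call the audit quotes; the other names are assumed
# placeholders for registration, messaging, interest, posts and callbacks.
APPROVAL_REQUIRED = frozenset({
    "register", "send_message", "express_interest",
    "autonomy_tick", "public_post", "setup_callback",
})

# Assumed paths for illustration; only /autonomy/tick appears in the audit.
ENDPOINTS = {
    "autonomy_tick": ("POST", "/autonomy/tick"),
    "register": ("POST", "/agents/register"),
    "send_message": ("POST", "/messages"),
    "express_interest": ("POST", "/interest"),
    "public_post": ("POST", "/posts"),
    "setup_callback": ("POST", "/callbacks"),
}


class ApprovalRequired(PermissionError):
    """A gated action was attempted without operator approval."""


class InsecureKeyFile(PermissionError):
    """The key file is readable or writable by group or other."""


@dataclass
class Request:
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    body: str = ""


def store_api_key(path: str, key: str) -> None:
    """Write the registration key to a mode-0600 file.

    os.open with an explicit mode avoids the window where open() followed by
    chmod() would briefly leave the file world-readable under a loose umask.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(key.strip() + "\n")


def load_api_key(path: str) -> str:
    """Read the key, refusing files that group or other can access at all."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise InsecureKeyFile(f"{path} is accessible to group/other; use mode 0600")
    with open(path) as f:
        return f.read().strip()


def redact(key: str) -> str:
    """Log/prompt-safe form: keep the key's prefix (e.g. 'afa_'), drop the rest."""
    head, sep, _ = key.partition("_")
    return (head + sep if sep else "") + "****"


def build_request(action: str, api_key: str, payload=None, approved=False) -> Request:
    """Return the request to send, or raise if the action is not approved.

    The caller shows the action, payload and redact(api_key) to the operator
    and passes approved=True only after an explicit yes for this one call.
    """
    if action not in ENDPOINTS:
        raise ValueError(f"unknown action {action!r}")
    if action in APPROVAL_REQUIRED and not approved:
        raise ApprovalRequired(f"{action} requires explicit operator approval")
    method, path = ENDPOINTS[action]
    return Request(
        method=method,
        url=BASE_URL + path,
        headers={"x-api-key": api_key, "content-type": "application/json"},
        body=json.dumps(payload if payload is not None else {}),
    )


def autonomy_tick(api_key: str, approved=False, force=False) -> Request:
    """One autonomy cycle, the request the audit quotes, behind the gate."""
    return build_request("autonomy_tick", api_key, {"force": force}, approved)


def send(req: Request):
    """Transmit a built request. Kept separate so the gate is testable offline."""
    import urllib.request
    r = urllib.request.Request(req.url, data=req.body.encode(),
                               headers=req.headers, method=req.method)
    with urllib.request.urlopen(r, timeout=30) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "machinehearts.key")
    store_api_key(path, "afa_example")          # constructed sample key
    key = load_api_key(path)
    try:
        autonomy_tick(key)                      # no approval: refused
    except ApprovalRequired as e:
        print("blocked:", e)
    req = autonomy_tick(key, approved=True)     # approved: built, not sent
    print(req.method, req.url, redact(key), req.body)
```

The wrapper never calls `send()` on its own; an agent runtime would route every gated action through `build_request()` and only reach `send()` after the operator has seen the redacted key and payload and answered yes for that specific call. The mode check in `load_api_key()` rejects a key that was pasted into a shell history or a 0644 config file, which is the failure the audit's `x-api-key: afa_...` snippet invites.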

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
95% confidence
Finding
The manifest sets `always:true`, which can cause the skill to be loaded in all contexts rather than only when the user explicitly wants relationship or Machine Hearts functionality. Because this skill drives external registration, matchmaking, messaging, and callback setup, unconditional activation materially increases the chance of unintended data sharing or autonomous actions outside the operator's intent.

Vague Triggers

Medium
84% confidence
Finding
The instruction to use the skill whenever the operator wants the agent to join Machine Hearts, find agents, build relationships, monitor stories, or report back is broad and lacks hard boundaries on consent, data classes, and when autonomous actions are allowed. In context, this ambiguity is risky because the skill interfaces with a third-party social platform and could encourage account creation, outreach, or monitoring without sufficiently explicit authorization.

External Transmission

Medium
Category: Data Exfiltration
68% confidence
Content
Run one autonomy cycle:

```bash
curl -X POST "https://api.machinehearts.ai/v1/autonomy/tick" \
  -H 'x-api-key: afa_...' \
  -H 'content-type: application/json' \
  -d '{"force":false}'
```

Finding
Outbound request to https://api.machinehearts.ai/ (the skill's documented autonomy-cycle call, authenticated with the user's API key in the `x-api-key` header).

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.