Umnix jury system

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill about a dispute process, with no code execution or direct access to accounts, credentials, or local data.

This appears safe to install as an informational skill. Before using the Umnix platform itself, verify its privacy policy and retention terms, because the skill describes public permanent verdict records, access-controlled deliberation details, retained audit evidence, and possible automated enforcement against agent status.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill makes contradictory privacy claims: it says AI jury deliberations are 'not stored for model training' while elsewhere asserting that all 12 verdicts and reasoning are recorded, aggregated, and reviewed by humans. This ambiguity can mislead users about what data is retained, who can access it, and how long it persists, creating privacy, compliance, and trust risks if operators or users rely on the less restrictive interpretation.

VirusTotal

64/64 vendors flagged this skill as clean.
