Security Audit (Sona)

Security checks across malware telemetry and agentic risk

Overview

The main audit tool is coherent, but one bundled wrapper can run unreviewed code from a hard-coded local workspace and always returns success even when the audit fails.

Install only if you intend to use the main command, bash scripts/run_audit_json.sh <path>, and check the JSON .ok result. Avoid relying on scripts/security_audit.sh for CI or install gates unless you first patch it to call the bundled runner by relative path, require an explicit target, and propagate failure status.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium (97% confidence)
Finding
The wrapper captures the audit script's non-zero result and then unconditionally exits 0, which defeats fail-closed behavior for any caller that relies on process exit status. In a security-audit skill, this is especially dangerous because failed scans or detected findings can be misinterpreted as success, allowing risky code or skills to proceed in automation pipelines.

VirusTotal

48/48 vendors flagged this skill as clean.