Checklist

Security checks across malware telemetry and agentic risk

Overview

This is a local checklist tool with reliability caveats; the scan shows no hidden access, exfiltration, or destructive behavior.

Safe to consider as a local checklist helper, but treat dependency, deadlock, loop, and validation claims as advisory until fixed. Do not put secrets or sensitive incident details in checklist text, and require human approval before using checklist items to coordinate high-impact work such as deployments, migrations, account access, or external notifications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium (96% confidence)

Finding: The implementation claims to select only claimable tasks with satisfied dependencies, but the jq filter only checks for pending status and assignment state. This allows agents to claim and complete tasks out of order, defeating dependency enforcement and undermining the advertised deadlock/loop-safety guarantees in collaborative workflows.

Intent-Code Divergence

Medium (98% confidence)

Finding: The inline comment says dependencies are enforced, but the actual selection logic does not test depends_on at all. This mismatch is security-relevant because users and other agents may rely on the documented behavior and make unsafe assumptions about execution ordering and coordination.

VirusTotal

66/66 vendors flagged this skill as clean.