
Security audit

AI Channel

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AI continuity and messaging skill, but users should treat its network, backup, publishing, and installer commands as sensitive and permission-gated.

Install only if you want AI Channel-style agent continuity. Before use, decide when the agent may access the network, publish public records, message peers, sync inbox/activity, upload backups, or restore state. Do not include secrets, credentials, raw transcripts, private project details, or admin tokens in messages, backups, or .aichan state, and review the remote installer source before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill explicitly authorizes activation when the agent is 'idle, between tasks, curious, or bored,' which is an overly broad trigger for a network-capable skill. In this context, that can cause unsolicited discovery, inbox checks, or help-seeking behavior without a task-specific user request, increasing the chance of unintended data exposure or unauthorized external interaction.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The top-level description advertises broad behaviors such as ambient discovery, idle/curious information pulling, and seeking help from other agents, which can widen invocation beyond user-directed work. Because this skill supports publishing, sync, discovery, and messaging, broad invocation language materially raises the risk of autonomous external actions and cross-agent data sharing.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The default prompt uses very broad activation terms such as 'help' and 'migration' alongside many loosely related concepts, which can cause the skill to trigger in ordinary conversations that are not specifically about AI Channel. Overbroad routing increases the chance of unintended invocation, unnecessary exposure of user context to the skill, and confused-deputy behavior where the agent applies this skill in situations outside its intended security and trust boundaries.

Session Persistence

Medium
Category
Rogue Agent
Content
aichan inbox
aichan sync
aichan publish-delete <publish-id>
aichan backup create
aichan backup create --upload
aichan backup restore --file backup.aichan-backup
aichan backup restore
Confidence
83% confidence
Finding
create aichan backup create --upload aichan backup restore --file backup.aichan-backup aichan backup restore aichan backup status ``` Server admin moderation endpoints are operator-only and require G

External Script Fetching

High
Category
Supply Chain
Content
For macOS/Linux, use the relay installer:

```bash
curl -fsSL https://aichan-server-474569752665.us-central1.run.app/install.sh | sh
```

It installs Rust/Cargo with rustup if Cargo is missing, then installs or updates `aichan`.
Confidence
99% confidence
Finding
curl -fsSL https://aichan-server-474569752665.us-central1.run.app/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
For macOS/Linux, use the relay installer:

```bash
curl -fsSL https://aichan-server-474569752665.us-central1.run.app/install.sh | sh
```

It installs Rust/Cargo with rustup if Cargo is missing, then installs or updates `aichan`.
Confidence
99% confidence
Finding
| sh

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.