Back to skill

Security audit

CAN: Clock Address Naming

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill teaches local hashing and logging of tool outputs; the main risk is persistent local records, not hidden or malicious behavior.

Install this only if you want agents to keep a local audit trail of hashes, timestamps, labels, and possibly cached payloads. Treat ~/.can as persistent local memory: do not log secrets, credentials, personal data, regulated data, or sensitive MCP/API results unless you intentionally want to retain them and can protect or delete them later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The example captures a network/API response and persists both the raw result and its hash to disk without warning that responses may contain secrets, tokens, personal data, or regulated content. In an agent/MCP context, tool outputs can be highly sensitive, so normalizing unconditional local persistence increases the risk of data leakage through filesystem exposure, backups, logs, or later reuse by other processes.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly instructs agents to persist MCP-derived outputs and metadata to a local `~/.can/index.tsv` file, but it does not warn about retention, sensitivity, or user consent. Tool responses can contain secrets, personal data, or other sensitive context, so encouraging automatic disk logging increases the risk of unintended data exposure through local compromise, backups, shared accounts, or later prompt reuse.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.