Afm Secm Correlation Tools 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This local scientific analysis skill does not appear to steal data or modify the system, but it can silently replace unreadable AFM or SECM inputs with synthetic data and produce plausible research outputs.

Use caution before installing for real research. The tool should be modified or audited so that unreadable inputs fail with a clear error, or so that synthetic data is available only through an explicit demo mode with clear labels in all plots, reports, CSV, and JSON outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The AFM reader silently fabricates realistic-looking topography data when parsing yields insufficient real data. This is dangerous because downstream analysis, plots, reports, and JSON outputs will appear valid while being based on invented measurements, undermining scientific integrity and enabling false conclusions without any explicit failure signal.

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The SECM parser catches parsing failures and silently substitutes a synthetic hotspot map, causing the tool to produce plausible electrochemical activity results even when the provided file is invalid or unreadable. In a research-analysis context, this is especially risky because it can create false structure-activity correlations and mislead users into trusting fabricated scientific results.

VirusTotal

67/67 vendors flagged this skill as clean.
