Back to skill

Security audit

Cloud Sdk

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be packaged as Go CDK tooling but behaves like a local placeholder command script that logs usage and may give users false confidence that real build/test/deploy work happened.

Install only if you understand this is a local/demo-style helper, not real Go CDK cloud tooling. Review the script first, avoid passing secrets or sensitive paths as arguments, and clear or disable any command-history file if you do not want usage logged.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill presents itself as a Go CDK cloud library in the manifest, but the documented behavior is a local project lifecycle automation tool with unrelated commands such as init, build, test, docs, and clean. In an agent setting, this kind of semantic impersonation is dangerous because it can cause users or orchestration systems to select and trust the wrong capability, enabling deceptive task routing and unintended command execution.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script's actual behavior is a local command logger and placeholder CLI, which materially differs from the declared Go Cloud library/tooling purpose. This kind of capability mismatch is dangerous because it can mislead users into running an unexpected executable under the trust of a known package name, creating room for deceptive packaging, hidden telemetry, or later malicious expansion.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The script advertises build, check, test, and deploy actions but only prints status messages and writes command history to disk. This is dangerous because it can create false assurance that validation or deployment steps occurred, causing users or downstream automation to trust nonexistent checks and potentially ship untested code.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation states that every command is automatically logged to a history file under a user data directory, but it does not provide an explicit warning, opt-in, redaction guidance, or retention controls. Command histories can expose project names, file paths, operational habits, and potentially sensitive arguments, creating avoidable privacy and local information disclosure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.