Ai Intelligent Ar Vr Platform

Security checks across malware telemetry and agentic risk

Overview

The skill shows a metadata clarity issue, but the available evidence does not show hidden, destructive, or data-exfiltrating behavior.

Before installing, check that the catalog name, description, and tags accurately describe the AR/VR development functionality. Treat this as a metadata cleanup issue unless the actual files reveal broader automation powers, credentials use, or external side effects not disclosed in the manifest.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 89% confidence
Finding: The manifest description claims this is a generic AI automation skill, which does not align with the stated AR/VR application development platform purpose. This kind of metadata mismatch can mislead users, reviewers, or automated policy systems about the skill’s true function, reducing transparency and increasing the chance of inappropriate deployment or trust decisions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal