private computation

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it makes strong privacy and compliance claims that its own documentation does not support.

Review carefully before installing. Treat this as an unverified credential-handling SDK, not proven zero-knowledge, TEE, HIPAA, or GDPR infrastructure. Use test credentials first, inspect the npm package implementation, and do not process regulated or production secrets until the security claims, storage behavior, and audit-log guarantees are independently verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The skill markets itself as providing 'Zero-Knowledge Execution' and presents privacy/security assurances as current capabilities, while the same document later says zk-SNARKs and TEE support are future roadmap items. In a security/privacy skill, this mismatch can cause operators to trust protections that do not actually exist, leading to unsafe handling of highly sensitive data under false assumptions.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The documentation claims private context is 'never exposed,' but the example passes privateContext directly into normal application logic with no demonstrated isolation, proof system, or confidentiality boundary. Users may therefore send sensitive data into ordinary runtime code or third-party APIs believing it remains protected, which materially increases privacy and compliance risk.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding:
The file advertises 'immutable' and 'blockchain-style' audit logs, but later only claims basic audit logging as implemented, so the integrity guarantees appear overstated. In compliance-sensitive environments, this can mislead users into relying on logs as tamper-evident evidence when they may not provide strong integrity protection.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The skill encourages storing secrets on disk and using audit logs without warning about persistence, deletion semantics, backup exposure, local filesystem permissions, or the possibility of sensitive metadata appearing in logs. In a privacy-focused skill intended for HIPAA/GDPR-style use cases, omission of these operational caveats can lead to accidental retention or disclosure of regulated data.

VirusTotal

65/65 vendors flagged this skill as clean.