Back to skill

Security audit

Delaware LLC Formation

Security checks across malware telemetry and agentic risk

Overview

The skill is advertised as Delaware LLC guidance, but its runnable assistant gives Wyoming LLC answers, which could mislead business-formation decisions.

Review before installing or relying on this skill. It does not appear malicious, but the executable can answer Delaware-branded questions with Wyoming LLC guidance; verify Delaware fees and compliance requirements with official sources or a qualified professional until the package documentation and implementation are aligned.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file is named as if it provides Delaware LLC guidance, but all embedded content, prompts, and responses are for Wyoming LLC formation. This kind of intent mismatch can mislead downstream agents or users into acting on incorrect jurisdiction-specific legal/compliance information, which is especially risky in a business-formation skill where state rules materially differ.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.