Back to skill

Security audit

Iaiops Fab

Security checks across malware telemetry and agentic risk

Overview

This looks like an industrial operations helper with sensitive export and publish capabilities that are disclosed and apparently gated, not a hidden or malicious skill.

Install only in an environment where the connected tools enforce read versus write/export permissions, MOC approvals are mandatory for any publish or historian push, and production data exports are logged and limited to approved destinations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest and workflow claim the skill is read-first and MOC-gated for writes, but the documented tool surface includes write-adjacent and exfiltration-capable operations such as historian_push, export_data, stream_publish, and stream_publish_event. In a semiconductor/display fab context, this mismatch can mislead an agent or operator into assuming the skill is inherently safe while still enabling data movement or indirect state-changing actions, increasing the risk of unauthorized production-impacting actions or sensitive manufacturing data leakage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.