Neural Sparse Asynchronous Processing Architecture (NSAP)

Security checks across malware telemetry and agentic risk

Overview

This is a local educational/demo skill for sparse modular AI architecture, with no evidence of hidden data access, exfiltration, persistence, or destructive behavior.

Install only if you want an educational local toolkit for NSAP-style modular processing concepts. Treat performance and energy-savings numbers as illustrative simulations, and review the stale packaging README before using it for release or distribution work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill advertises no explicit permissions, yet the content references scripts and tooling that imply filesystem access, including reading local resources and writing outputs such as reports. Undeclared file I/O increases the risk of unexpected side effects, makes operator consent unclear, and can enable broader access than users expect from an architecture-design skill.

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding: The skill's stated purpose is architectural guidance, but the referenced behavior includes package verification/publishing guidance and writing a local report file, which are not disclosed in the description. This mismatch is dangerous because users may invoke the skill expecting analysis-only behavior while it performs local state changes or supply-chain-adjacent actions outside the declared scope.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding: The script presents itself as a resource monitor, but it only generates hard-coded example data and writes a synthetic report. In an agent skill context, this is dangerous because downstream users or automation may rely on fabricated efficiency metrics to make architectural, cost, or performance decisions under the false assumption that real monitoring occurred.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding: The documentation and console output imply real tracking and comparison of resource metrics, but the implementation only simulates executions and estimated savings. This mismatch can mislead operators, reviewers, or other components into trusting non-factual reports, which is especially risky in a skill intended to optimize AI architecture and reduce compute cost.

VirusTotal

66/66 vendors flagged this skill as clean.