Pentest Auth Bypass
Security checks across malware telemetry and agentic risk
Overview
The skill has authorization guardrails, but its script appears to generate canned high-severity auth-bypass reports instead of performing real validation.
Install only for controlled pentest workflow experiments, not as a source of trustworthy vulnerability evidence. Use dry-run first, keep input paths narrow and sanitized, verify or provide the missing shared helper, and treat generated findings as simulated unless the skill is updated to perform real checks and label evidence clearly.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.