Back to skill

Security audit

Viralevo

Security checks across malware telemetry and agentic risk

Overview

ViralEvo is a disclosed trend-reporting skill, but users should review its optional scheduling and data-deletion steps before enabling them.

Install only if you are comfortable giving the skill a Tavily API key and letting it make external trend-search requests. Review broad natural-language triggers, enable cron only if you want recurring background reports and weekly configuration changes, and back up the ViralEvo data directory before running the optional rm -rf uninstall step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill advertises broad natural-language triggers like 'What should I post today?' and 'Any trends?' that could match ordinary conversation and cause the agent to run collection/reporting actions without sufficiently explicit user intent. Because those actions initiate network access and data processing, unintended activation can lead to surprise tool execution and external requests.

Vague Triggers

Low
Confidence
84% confidence
Finding
The phrase 'Add a cron job to run ViralEvo daily at 8am' is a natural-language instruction that may collide with ordinary scheduling requests and induce persistent automation changes. Creating cron jobs is more sensitive than a one-time command because it establishes recurring execution and ongoing network/tool activity.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The uninstall section includes deletion of the entire skill data directory without a prominent warning about irreversible loss of reports, configuration, feedback history, and database contents. Users or agents following these instructions may destroy accumulated data unintentionally, especially because the step is framed as optional but not explicitly destructive.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.