Back to skill

Security audit

Decomposes complex user requests into executable subtasks, identifies required capabilities, searches for existing skills at skills.sh, and creates new skills when no solution exists. This skill should be used when the user submits a complex multi-step request, wants to automate workflows, or needs help breaking down large tasks into manageable pieces.

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent workflow planner, but it can steer an agent toward globally installing or creating other skills without enough explicit review and consent boundaries.

Install only if you want an agent to plan workflows and discover or draft skills. Before allowing any install or creation step, inspect the proposed skill source, avoid noninteractive global `-g -y` installs, confirm any credentials or scheduled jobs, and keep track of how to remove added skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README promotes automatic skill search, creation, and installation workflows, including global installation commands, without clearly warning that third-party skills may execute code or modify the local system. In this context, the omission is security-relevant because the skill is explicitly designed to discover and introduce new code into an agent environment, which increases the chance of unsafe dependency installation or execution decisions by users or downstream agents.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The README promotes automatic skill search, installation, and creation, plus interaction with external services, without clearly warning about trust boundaries, permission scope, code provenance, or the risks of executing third-party skills. In the context of an agent skill that can decompose requests into executable subtasks, this omission can normalize unsafe automation and lead users to install or generate powerful capabilities without adequate review.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill description is broadly scoped to trigger on 'complex multi-step request' or general workflow help, which can cause it to activate for many ordinary prompts. Over-broad activation increases the chance the agent will invoke a high-authority decomposition and skill-generation workflow unnecessarily, including searching for or creating external skills in contexts where that was not explicitly requested.

Vague Triggers

Low
Confidence
84% confidence
Finding
The template's 'When to Use' guidance does not instruct authors to define tight activation boundaries, so newly created skills may inherit vague trigger conditions. This can propagate the same over-broad invocation problem across generated skills, leading to accidental activation of capabilities beyond what the user intended.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.