Adaptive Skill Factory

Security checks across malware telemetry and agentic risk

Overview

This text-only skill is not malicious, but it should be reviewed because it can implicitly install, create, update, or delete persistent agent skills without clear approval gates.

Install only if you are comfortable with an agent helping manage its own skills. Require the agent to ask before searching, installing, creating, editing, deleting, or promoting skills to shared directories, and review any downloaded or generated skill contents before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding
The activation criteria are very broad: the skill can be invoked whenever there is a 'workflow gap,' a repetitive task, possible time savings, or an opportunity to create a skill. That creates a self-expanding behavior where the agent may overuse this meta-skill, install external skills unnecessarily, or create new local skills without sufficiently narrow triggers, increasing the chance of unsafe delegation and supply-chain exposure.

Vague Triggers

Medium
Confidence: 90%
Finding
The default prompt is broadly worded and can apply to many ordinary tasks, which increases the chance the skill is invoked in situations where installing or creating new skills was not explicitly requested. In a skill whose purpose includes discovering, installing, and generating reusable capabilities, overbroad activation can expand agent behavior and trigger unreviewed capability changes or external dependency usage.

Vague Triggers

Medium
Confidence: 96%
Finding
Enabling implicit invocation without tight activation boundaries allows this skill to activate during loosely related workflow discussions, potentially causing the agent to search for, install, update, or create skills without sufficiently explicit user intent. In this context, that is more dangerous because the skill is a capability-amplifying factory: mistaken activation can alter the agent's available tooling or introduce untrusted skill content into future workflows.

VirusTotal

54/54 vendors flagged this skill as clean.
