Back to skill

Security audit

weekly-ops-review

Security checks across malware telemetry and agentic risk

Overview

This skill is a local weekly review helper with disclosed inputs and a simple script that only creates a JSON draft file.

This appears safe for normal use. Before installing, be aware that generic trigger phrases may invoke the skill unintentionally, and only run the optional Python helper when you intend to create or replace its output file. Provide only the notes, metrics, task lists, calendar highlights, and goals needed for the review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes broad, common phrases like 'weekly review' and 'next week priorities' that can plausibly appear in normal conversation, increasing the chance the skill is invoked unintentionally. In an agent environment, unintended activation can cause the model to shift workflow, request files, or reorganize user content when the user did not intend to use this skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.