任务调度器

Security checks across malware telemetry and agentic risk

Overview

This scheduler skill stores local reminder/task metadata and shows no evidence of hidden, destructive, or data-exfiltrating behavior.

Install only if you want a local reminder/task metadata helper. Ask the agent to confirm before creating, deleting, or disabling tasks, and be aware that broad words like "reminder" or "schedule" may activate it depending on the host's matching behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The activation phrases include very generic terms like “调度”, “定时任务”, and “提醒”, which are likely to appear in normal conversation. In an agent environment, that can cause accidental invocation of this skill when the user merely discusses reminders or schedules, leading to unintended task creation, modification, or disclosure of stored scheduling data.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal