Security Plus

Security checks across malware telemetry and agentic risk

Overview

This is a security guidance skill with example scanning commands; it has no hidden code or automatic behavior, but users should run the active commands only on systems they control.

Before installing, understand that this skill may suggest tools such as OWASP ZAP, Nikto, Snyk, and `npm audit fix`. Run network scans only against systems you own or are explicitly authorized to test, and review dependency changes before applying them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: This skill includes commands for active security testing and modifying dependency state (for example DAST scans and `npm audit fix`) without clear safety boundaries, authorization guidance, or warnings about impact on targets and environments. In an agent skill context, that can lead users or automated agents to run intrusive scans against systems they do not own or make unreviewed changes to dependencies, causing service disruption or unstable builds.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal