Xiaopi Superdesign
Security checks across malware telemetry and agentic risk
Overview
The inspected skill artifacts appear coherent and purpose-aligned, with no evidence of hidden data theft, destructive behavior, or deceptive instructions.
Install only if you expect developer/operator workflows that may run local review commands or staff moderation commands. For sensitive repos or production moderation, review commands before execution, use the provided confirmation paths, and prefer the lower-privilege autoreview option when full-access nested review is unnecessary.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.