Back to skill

Security audit

Hypertaks

Security checks across malware telemetry and agentic risk

Overview

Hypertaks is a broad, disclosed workflow skill with no executable payload, but it may activate often and use subagents or work-log writes when available.

Install this only if you want a very broad operator-style skill that may be invoked for many business and build tasks. Expect it to ask clarifying questions, possibly use available subagents or connectors, and create a work-log note if you give it filesystem or Obsidian access. Review or adjust the hard-coded Obsidian path and broad trigger language if you want tighter control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
96% confidence
Finding
The activation scope is extremely broad, covering everything from strategy and coding to finance, IoT, and general 'do, run, build, analyze, diagnose, fix, or grow anything' requests. This creates a prompt-routing vulnerability where ordinary user requests can be unintentionally captured by this skill, causing it to override more specific or safer skills and apply an expansive founder-authority persona to unrelated tasks.

Vague Triggers

High
Confidence
94% confidence
Finding
The phrase 'If the request is founder-shaped' is ambiguous and subjective, making activation dependent on broad interpretation rather than deterministic criteria. Because the skill then says to 'do it, run it, grow it, find the problem, fix it,' it can self-select into many unrelated tasks, increasing the chance of overreach, policy bypass through role inflation, or accidental suppression of normal task-routing safeguards.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.