Back to skill

Security audit

Entity Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed entity-identity auditing skill with bounded registry writes and no evidence of hidden or destructive behavior.

Install only if you want an agent to audit and maintain machine-readable entity identity records. Review any proposed persistent registry writes, Wikidata/profile changes, or natural-person records before approval, and keep page copy or broader GEO content work in the separate skills named by this package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The guide introduces AI-citation readiness and GEO-style content tactics even though the skill metadata explicitly says this skill is not for page-level AI-citation readiness. This creates scope drift that can cause an agent to perform actions outside its declared trust boundary, increasing the chance of misuse, incorrect tool routing, or unauthorized content-optimization behavior.

Description-Behavior Mismatch

Low
Confidence
75% confidence
Finding
The document covers broader knowledge-panel claiming, profile updates, and content correction workflows beyond the narrower entity-registry scope described in the manifest. While not overtly malicious, this can mislead an agent into taking or recommending actions outside intended responsibilities, weakening least-privilege and increasing operational error risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.