skill-improvement

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for reviewing and improving other skills, with disclosed user-directed edits and no executable installer.

Install this if you want a structured workflow for improving skills. Review the diagnostic report and diffs before accepting edits, keep backups for important skills, and be cautious with verification steps that run target-skill scripts or share sensitive skill content with subagents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The description is broadly scoped enough to trigger on many generic requests about improving or checking skills, which can cause the wrong skill to be invoked in contexts the user did not intend. Overbroad activation increases the chance of inappropriate file access, unnecessary modifications, or workflow hijacking by this skill instead of a more narrowly relevant one.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The example description uses broad trigger terms like optimizing existing skills, checking skill quality, and skill fixes without strong boundaries, which can cause the skill to be invoked in situations where it is not the best or safest match. In an agent system, overly broad trigger language can misroute tasks, causing inappropriate skill activation and reducing reliability or leading to unintended processing of sensitive inputs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal