AutoSkills CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it can run an external CLI that installs and activates other agent skills with too little scoping or rollback guidance.

Review carefully before installing. Prefer running only detection or list commands first, inspect every proposed downstream skill, avoid the default full integration flow unless you want it to modify your agent setup, and use a pinned package version or reviewed source where possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill advertises broad trigger phrases such as 'autoskills', '项目类型检测', and '智能安装' while also describing automatic detection and installation behavior. Broad activation language increases the chance of unintended invocation in normal conversation, which is risky because the described action can lead to package installation or environment changes without sufficiently explicit user intent.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The description promotes automatic project detection, recommendation, and one-click installation but does not warn users that it may inspect repository contents and install tools or skills. In an agent context, this omission is dangerous because users may not realize the skill can modify the system or activate additional capabilities, increasing the risk of unexpected package execution and privilege misuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal