Ops Shifts

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple local shift-scheduling helper that stores roster and schedule JSON files in disclosed paths.

Install only if you are comfortable storing team names, roles, skills, work limits, and shift assignments in local JSON files under ~/.ops-commander. Review or delete those files if the device is shared or the data should no longer be retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs persistent storage of roster and scheduling data under the user's home directory without any disclosure, consent flow, or data-handling warning. Because these files may contain employee names, roles, team assignments, skills, and work schedules, silent local retention creates privacy and operational exposure if the device is shared, backed up insecurely, or later accessed by other processes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal