Ops Tasks

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local task tracker that stores and edits task data in a disclosed local JSON file.

Install only if you are comfortable with task titles, owners, due dates, and notes being saved locally at ~/.ops-commander/tasks.json. Avoid putting secrets in task notes, and confirm before deleting tasks or applying bulk changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly stores operational task data in a persistent local file (`~/.ops-commander/tasks.json`) but does not disclose persistence, retention, or the consequences of delete/update actions to the user. This can lead to unintended storage of potentially sensitive operational details and accidental data loss or privacy issues, especially on shared systems or environments where users may assume the interaction is ephemeral.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal