Multi-Agent Status

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent multi-agent monitoring guide, but users should tighten the example shared-directory permissions before using it.

Before installing, replace chmod 777 with a dedicated user or group and restrictive permissions such as 750 or 770, use a limited SSH key for remote uploads, validate the destination host, and keep the reported status fields to the minimum needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 98%
Finding
The documentation explicitly instructs users to create a shared status directory with mode 777, making it writable by any local user or process on the host. In this skill's context, that directory becomes the trust source for monitoring and alerting, so unauthorized writes can forge health reports, suppress failure detection, or trigger false alerts; depending on deployment, reports may also expose operational metadata.

VirusTotal

VirusTotal findings are pending for this skill version.
