Vow

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill describes irreversible collateral-backed commitments but does not define clear limits or user approval controls.

Review this before installing, and treat it as a conceptual protocol only. Do not let an agent use it to lock funds, publish commitments, slash collateral, or run monitoring unless you explicitly approve the exact account, amount, duration, success metrics, and exit conditions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 90%
Finding
The manifest description is highly broad and markets a powerful protocol for 'cryptographically enforced' commitments, escrow, slashing, and confidential computation without defining activation boundaries, authorized use cases, or safety constraints. In an agent environment, this ambiguity can cause the skill to be invoked in inappropriate high-impact contexts, leading agents to coordinate risky financial, ethical, or secrecy-related actions without sufficient guardrails.

VirusTotal

64/64 vendors flagged this skill as clean.
