Quantum Distribution Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AgentPMT statistical sampling tool, with the main caveat that it can use a paid external API and has some broad activation keywords.

Install this only if you intend to use AgentPMT for paid random sampling and simulation calls. Confirm the AgentPMT account, credential, and credit/payment setup before enabling it, and avoid invoking it from generic requests that merely mention words like beta, source, or count.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The skill advertises activation keywords including very generic tokens such as "beta", "source", and "count", which are common across many unrelated tasks. This can cause the skill to be invoked unintentionally in contexts where a user did not intend to call an external paid/randomness service, increasing the chance of unnecessary external calls, data exposure to a third-party API, or unintended charges.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal