Security audit

Workspace Optimizer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a workspace-maintenance guidance skill, with cleanup recommendations that users should review before applying.

Before installing, treat this as a maintenance advisor. Ask it to show exactly what it plans to remove or change, make backups before pruning memory or editing MEMORY.md, and require explicit confirmation before uninstalling skills or disabling cron jobs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The skill description is broadly phrased around auditing, optimizing, and maintaining the workspace, which can cause it to be invoked for a wide range of routine requests. Over-broad triggering increases the chance the skill is selected in contexts where destructive maintenance guidance is unnecessary or inappropriate, expanding exposure to risky actions.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill recommends actions such as uninstalling skills, pruning memory files, disabling cron jobs, and trimming MEMORY.md without an explicit warning about data loss, service interruption, or the need for backup/confirmation. In an agent workspace context, these actions can remove capabilities, destroy history, or disrupt automated tasks if followed automatically or without review.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal