Back to skill

Security audit

Scientific Thinking General

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only scientific reasoning skill with no executable code, credential use, data access, or destructive behavior found.

Safe to install for users who want a structured scientific reasoning style. Review or disable implicit invocation if you only want the skill used on explicit request, and do not rely on the registry crypto/purchase tags as actual capabilities because the artifacts do not support them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill enables implicit invocation without defining any trigger phrases, scope limits, or activation constraints. That can cause the agent to invoke this reasoning mode in ambiguous contexts, potentially altering system behavior unexpectedly, broadening the skill’s reach, or allowing prompt-routing abuse where unrelated requests are steered into this skill without clear user intent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.