Back to skill

Security audit

Jupiter

Security checks across malware telemetry and agentic risk

Overview

This appears to be a decision-routing skill with overly broad activation phrases, but no evidence of hidden access, persistence, destructive behavior, or data exfiltration was provided or found.

Install only if you want a general option-comparison helper. Be aware it may activate on broad phrases like asking for the best option or route, so review its advice before acting on it and disable or narrow the triggers if it appears in unrelated conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrase "best option" is highly generic and overlaps with ordinary user language across many domains, which can cause the skill to activate outside its intended routing/selection context. Over-broad activation increases the chance of unintended tool invocation, context hijacking, or inappropriate influence over unrelated decision workflows.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The phrase "which path should I choose" is ambiguous and can naturally appear in many unrelated conversations, making accidental activation likely. Because this skill is designed for broad strategic and vendor-routing decisions, vague triggers expand its reach and may cause it to intervene in contexts where its logic is not appropriate or expected.

Vague Triggers

Low
Confidence
84% confidence
Finding
The trigger "best route" is somewhat generic and may match common navigation, planning, or abstract advice requests that are broader than this skill's intended use. Although less expansive than other phrases here, it still creates unnecessary risk of unintended activation and user confusion.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.