Cybersecurity Audit & Hardening

Security checks across malware telemetry and agentic risk

Overview

This security-audit skill is purpose-aligned, but it advertises intrusive scanning without clear authorization or scope safeguards.

Install only if you will use it for systems you own or are explicitly authorized to assess. Before running scans, define the target scope, get permission, consider rate limits and monitoring alerts, and avoid public or third-party targets unless authorization is documented. VirusTotal and static scan were clean, and no hidden executable code was present.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill advertises potentially intrusive actions such as port scanning, vulnerability scanning, certificate monitoring, and CVE synchronization, but it does not warn users about authorization, scope, network impact, or legal/ethical constraints. In a security-audit skill, this omission can lead users to run scans against systems they do not own or to trigger disruptive traffic without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal