Security audit

Ai Ethnobotany

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be informational content, with a safety-warning gap around psychoactive plant discussion but no evidence of hidden code, persistence, credential access, or unsafe automation.

Install only if you want educational ethnobotanical content, and treat any psychoactive-plant discussion cautiously. Do not rely on it for consumption, dosing, extraction, cultivation, self-treatment, or legal decisions; consult qualified medical or legal professionals where relevant.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly describes several psychoactive plants and their active compounds, effects, and cultural/legal context without any accompanying safety, medical, or legal warning. In an agent setting, this can normalize or facilitate unsafe guidance about substances with intoxication, toxicity, dependency, psychiatric, and jurisdiction-specific legal risks, especially if the model later expands on use, sourcing, or preparation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.