Security audit

Ai Mycology

Security checks across malware telemetry and agentic risk

Overview

This is a text-only mycology reference skill with no code or system access, but users should not rely on it to decide whether wild mushrooms are safe to eat.

Install only as an educational mycology reference. Do not use it to determine whether a wild mushroom is edible or safe; get in-person confirmation from a qualified local expert, and contact emergency services or poison control immediately after suspected exposure.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill gives mushroom poisoning identification guidance aimed at foragers, including named deadly species and recognition traits, but it does not prominently warn that visual identification is error-prone and that mistakes can cause severe injury or death. In this context, users may overtrust the skill for real-world consumption decisions, especially because the content is framed as practical guidance rather than purely academic background.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.