Security audit

Ai Paleontology

Security checks across malware telemetry and agentic risk

Overview

This is a single educational paleontology guide with no executable code, though users should treat its fossil-finding advice as informational and check legal and safety requirements first.

Before using the fossil-search or excavation sections, confirm local laws, landowner permission, protected-site restrictions, specimen ownership rules, and field safety precautions. For general dinosaur, fossil, and paleontology Q&A, the skill is low risk.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is extremely broad and lacks clear activation boundaries, so an orchestrator may invoke it for generic dinosaur, fossil, evolution, or even adjacent science queries that were not intended. This is not a direct exploit primitive, but it increases the chance of unintended routing, over-collection of user context, or inappropriate reliance on this skill outside its safest use cases.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill gives practical guidance on where to find fossils and how to excavate them, but omits warnings about land access, permits, protected sites, ownership laws, and physical hazards. In context, this could enable users to trespass, damage scientifically valuable specimens, or injure themselves while following simplified field instructions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.