Grammar Checker Ama

Security checks across malware telemetry and agentic risk

Overview

This security-audit skill has meaningful local file access, but its logging, snapshots, scanning, and optional monitoring are disclosed and fit its purpose.

Install only if you are comfortable with a local audit tool reading your installed skills and keeping local logs, state, baselines, and git snapshots. Review notification and cron setup before enabling monitoring, especially if diffs might contain sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill documentation explicitly states that Python scripts execute locally and may read and write files, but it does not clearly warn users that running the skill can modify workspace contents. This can mislead users into treating the tool as read-only, increasing the chance of unintended file changes, data overwrites, or exposure of sensitive local content through generated outputs.

VirusTotal

65/65 vendors flagged this skill as clean.
