Medical Translation

Security checks across malware telemetry and agentic risk

Overview

The skill appears to disclose local Python-based helper execution, and the available evidence does not show hidden, deceptive, destructive, or unrelated behavior.

Before installing, review the bundled Python scripts and run them only against paths you intend the skill to read or write. Treat this as a normal local-code skill rather than a passive prompt-only skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 74% confidence
Finding: The skill explicitly instructs local execution of Python scripts and mentions file reads and writes, but it does not provide a prominent warning about the resulting system and data impact before execution. In an agent setting, unclear disclosure can cause users or orchestrators to run local code on sensitive workspaces without adequate consent, increasing the risk of unintended file modification, exposure of local data, or execution of unreviewed code.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal