Back to skill

Security audit

LinkedIn Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk LinkedIn profile-writing helper for healthcare professionals, with only a minor scope-wording issue.

Safe to install if you want local assistance drafting healthcare LinkedIn profile content. Treat generated profile claims as drafts and verify accuracy before publishing; be aware the package has minor documentation rough edges and should not be routed to unrelated tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The invocation text explicitly broadens use beyond the declared healthcare LinkedIn optimization scope to 'other tasks,' which can cause the agent to route unrelated requests into a skill with weak boundary enforcement. That risk is reinforced by the dynamic audit showing a stress-case failure on staying within scope and preserving boundary guidance, so this is not just wording quality but a realistic control weakness.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.