Tone Adjuster

Security checks across malware telemetry and agentic risk

Overview

This is a local medical text tone-adjustment skill with no evidence of hidden access, data exfiltration, persistence, or destructive behavior.

Install only if you want local help rewriting medical text. Avoid providing protected health information unless your environment is approved for it, de-identify patient details where possible, and have a qualified person verify medical accuracy before using outputs with patients.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill advertises activation conditions far broader than medical tone adjustment, including generic academic writing, fallback handling, and reproducible-output tasks. In an agentic system, this can cause the skill to be selected for tasks outside its intended scope, increasing the chance of unsafe processing, inaccurate medical rewriting, or inappropriate handling of sensitive content under the wrong workflow.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly supports converting clinical notes and medical files but gives no privacy, consent, de-identification, retention, or secure-handling guidance. Because the context is medical text, misuse can expose protected health information or other sensitive patient data during input, processing, logging, or output generation, making this more dangerous than similar omissions in non-medical skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal