WB Troubleshooter

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a normal phylogenetic-tree visualization helper that runs a local Python script on user-provided data and writes output images.

Before installing, review the packaged scripts/main.py if available, install dependencies only in an environment you trust, and use explicit input and output paths in a workspace directory. Do not point it at sensitive datasets unless you are comfortable with generated outputs being saved locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill documentation states that Python/R scripts may execute locally and that the skill can read input files and write output files, but it does not provide a clear user-facing warning about those side effects, trust boundaries, or execution constraints. In an agent skill, undocumented local execution and file writes can lead users to invoke the skill without understanding workspace modification risk, accidental data exposure, or misuse of file paths.

VirusTotal

65/65 vendors flagged this skill as clean.
