Agent Reflect Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is a local, user-run log analysis tool with no hidden network access or persistence, but its reports should be treated as sensitive because they may include excerpts from agent logs.

Install only if you intend to analyze local agent logs. Run it on logs you are comfortable processing locally, and treat stdout or any --output report with the same sensitivity as the original logs, especially if traces may contain prompts, secrets, personal data, or internal reasoning.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 75% confidence
Finding: The tool reads arbitrary agent logs and reproduces their contents in a JSON report without any privacy warning, minimization, or redaction. If the logs contain secrets, personal data, prompts, or internal reasoning traces, running the tool can unintentionally expose sensitive data to stdout, files, terminals, pipelines, or downstream systems.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal