Halo Blog

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Halo blog administration skill, but it includes high-impact publishing and site-management actions with under-disclosed safety risks.

Install only if you intend to let an agent administer a Halo site. Use least-privilege, revocable tokens; avoid pasting real tokens into shared terminals; confirm the active profile before changes; review Markdown before using the helper script; and require explicit approval before publishing, force-importing, deleting, installing, uninstalling, or bulk-upgrading themes and plugins.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs users to pass a bearer token directly on the command line without warning about secret handling. Command-line secrets can leak through shell history, process listings, logs, screenshots, or copied transcripts, exposing administrative access to the Halo instance.

VirusTotal

66/66 vendors flagged this skill as clean.
