Security audit

InspirAI Best Practices

Security checks across malware telemetry and agentic risk

Overview

This skill is a local best-practices notebook that stores, searches, copies, updates, and deletes user-created notes without hidden code or network behavior.

Install this if you are comfortable with a persistent local folder of reusable notes. Do not save secrets or customer-sensitive data in best-practice entries, and before copying an entry into a project, check whether docs/references/{id}.md already exists.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The skill instructs copying files into the workspace without a clear user-facing warning that project files will be modified. Because broad triggers may invoke the skill unexpectedly, this increases the chance of unintended writes to the user's repository and can pollute documentation or overwrite expected content paths.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal