Chief Of Staff

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only executive advisory skill with disclosed local decision logging and routing behavior, but no hidden code, credential use, or external data transfer.

Install this only if you are comfortable with an advisor skill reading company context and keeping a local decision log. Review or delete ~/.claude/decision-log.md periodically, avoid putting unnecessary confidential details into prompts, and install only trusted companion advisor skills, because founder questions may be routed across them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium, 97% confidence

Finding
The skill instructs the agent to persist founder questions, decisions, owners, and review dates to ~/.claude/decision-log.md without any consent, minimization, retention policy, or sensitivity checks. Because this is a C-suite orchestration skill that automatically loads company context and handles strategic, financial, personnel, and compliance topics, the log may accumulate highly sensitive business data that could later be exposed to other local users, tools, backups, or future sessions.
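The "review or delete the log periodically" advice in the overview and the missing minimization, retention, and sensitivity checks in this finding can be approximated with a small local audit. The following is an added example, not code from this page or from the skill; it assumes a hypothetical entry layout (a "## date" heading followed by question/decision/owner/review lines) and a constructed sample log, because the page does not show the real file format.

```python
import os
import re
import stat
from datetime import date, timedelta

# Constructed sample in a hypothetical layout; the real decision-log format
# is not shown on this page.
SAMPLE_LOG = """\
## 2024-01-10
question: Should we raise the Series B now?
decision: Delay until Q3; runway is $4.2M
owner: cfo@example.com
review: 2024-04-01

## 2024-03-05
question: Rotate the payment keys after the contractor left?
decision: Yes, new key sk_live_ABCDEF1234567890 issued
owner: cto@example.com
review: 2024-03-20
"""

# Minimization check: things that should never sit in an advisory log.
SENSITIVE_PATTERNS = {
    "api_key": re.compile(r"\b(?:sk|pk)_(?:live|test)_[A-Za-z0-9]{8,}\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "money": re.compile(r"\$\d[\d,.]*[kKmM]?"),
}


def parse_entries(text):
    """Split the log into dicts, one per '## <date>' heading."""
    entries = []
    for chunk in re.split(r"(?m)^## ", text):
        if not chunk.strip():
            continue
        heading, _, body = chunk.partition("\n")
        fields = {"date": heading.strip()}
        for line in body.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        entries.append(fields)
    return entries


def flag_sensitive(entries):
    """(entry date, pattern name, matched text) for every sensitive hit."""
    hits = []
    for entry in entries:
        for value in entry.values():
            for name, pattern in SENSITIVE_PATTERNS.items():
                for match in pattern.findall(value):
                    hits.append((entry["date"], name, match))
    return hits


def expired(entries, today, max_age_days=90):
    """Retention check: dates of entries whose review date is older than the window."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    stale = []
    for entry in entries:
        try:
            review = date.fromisoformat(entry.get("review", ""))
        except ValueError:
            continue  # no parseable review date; leave for manual review
        if today - review > timedelta(days=max_age_days):
            stale.append(entry["date"])
    return stale


def permissions_too_open(mode):
    """True if group or other bits are set (the log should be mode 0600)."""
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def audit_file(path, today=None, max_age_days=90):
    """Run all three checks against an on-disk log."""
    with open(path, encoding="utf-8") as fh:
        entries = parse_entries(fh.read())
    return {
        "sensitive": flag_sensitive(entries),
        "expired": expired(entries, today or date.today(), max_age_days),
        "too_open": permissions_too_open(os.stat(path).st_mode),
    }


if __name__ == "__main__":
    log_path = os.path.expanduser("~/.claude/decision-log.md")
    if os.path.exists(log_path):
        print(audit_file(log_path))
    else:
        print(flag_sensitive(parse_entries(SAMPLE_LOG)))
```

The regex list is deliberately small; the point is that the log is plain text readable by any process running as your user, so anything a pattern catches here was also available to every other local tool, backup, and future session in the meantime.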

Vague Triggers

Medium, 91% confidence

Finding
The complementary skill triggers use broad natural-language keywords such as "change," "competitor," "alignment," and "all-hands," which can match many ordinary founder requests and silently reroute them away from the most appropriate role. In an orchestration layer, this creates prompt-routing ambiguity that can be exploited by a user to steer requests into unintended skills, causing incorrect handling, over-broad context sharing, or bypass of the intended decision flow.
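To make the routing ambiguity concrete, here is an added example (not code from this page or from the skill) that routes a prompt against constructed trigger lists for hypothetical companion skills and audits those lists for generic and shared keywords. The skill names and trigger sets are invented for illustration; only the words "change", "competitor", "alignment", and "all-hands" come from the finding.

```python
import re
from collections import defaultdict

# Constructed trigger lists for hypothetical companion skills. Only the
# words "change", "competitor", "alignment" and "all-hands" come from the
# finding; everything else is invented for illustration.
SKILL_TRIGGERS = {
    "chief-of-staff": ["decision log", "priorities", "alignment", "all-hands"],
    "head-of-people": ["hiring", "all-hands", "change", "performance review"],
    "competitive-intel": ["competitor", "market", "pricing change"],
    "ceo-comms": ["all-hands", "board update", "alignment"],
}

# Everyday words that fire on a large share of ordinary requests
# (constructed stop-list; tune it to the prompts you actually see).
GENERIC_WORDS = {"change", "alignment", "competitor", "market", "priorities"}


def matching_triggers(prompt, triggers):
    """Triggers that appear in the prompt as whole words or phrases."""
    text = prompt.lower()
    return [t for t in triggers if re.search(r"\b" + re.escape(t) + r"\b", text)]


def route(prompt, skill_triggers=SKILL_TRIGGERS):
    """Every skill whose triggers fire; more than one entry means ambiguous."""
    result = {}
    for skill, triggers in skill_triggers.items():
        hit = matching_triggers(prompt, triggers)
        if hit:
            result[skill] = hit
    return result


def is_ambiguous(prompt, skill_triggers=SKILL_TRIGGERS):
    return len(route(prompt, skill_triggers)) > 1


def audit_triggers(skill_triggers=SKILL_TRIGGERS, generic=GENERIC_WORDS):
    """Findings as (kind, skill(s), trigger): generic words and cross-skill overlaps."""
    owners = defaultdict(list)
    findings = []
    for skill, triggers in skill_triggers.items():
        for trigger in triggers:
            owners[trigger].append(skill)
            if trigger in generic:
                findings.append(("generic", skill, trigger))
    for trigger, skills in owners.items():
        if len(skills) > 1:
            findings.append(("shared", ",".join(sorted(skills)), trigger))
    return findings


if __name__ == "__main__":
    for prompt in ("Can we change the all-hands to Thursday?", "Draft the board update"):
        print(prompt, "->", route(prompt))
    for finding in audit_triggers():
        print(finding)
```

An ordinary scheduling question lights up three of the four hypothetical skills at once, which is the failure mode the finding describes: whichever skill the orchestrator picks first wins, and the prompt author can tilt that choice by sprinkling in the other skills' keywords.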

VirusTotal

None of the 66 VirusTotal vendors flagged this skill (0/66 detections). Note that antivirus engines scan the files for known malicious code and do not evaluate natural-language instructions, so a clean result here does not address the two findings above.
