competitive-teardown

Security checks across malware telemetry and agentic risk

Overview

This is a competitive-research skill that uses disclosed public-source collection and a local reporting helper without hidden access, persistence, or credential handling.

Appropriate to install for supervised public competitive research. Before using it, confirm each data source and API use is allowed by policy and platform terms, avoid personal or sensitive data unless authorized, respect rate limits, and verify cited claims before using outputs in sales or strategy materials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs collection of competitor data from app stores, social media, and APIs but gives no warning about privacy, platform terms, rate limits, or external data handling. In a competitive-intelligence context, that omission can lead users or downstream agents to collect personal data, misuse APIs, or transmit data to third parties without governance, creating compliance, legal, and reputational risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal