Supply Chain Poison Detector
Security checks across malware telemetry and agentic risk
Overview
This is an instruction-only security review helper with no hidden code, persistence, credential use, or destructive behavior found.
Reasonable to install as a static review aid. Only give it artifacts or URLs you intend to analyze, verify remote URLs before fetching them, and make sure suspicious commands found inside scanned skills are reviewed as text rather than executed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
59/59 vendors flagged this skill as clean.