Update Signature Verifier
Security checks across malware telemetry and agentic risk
Overview
This skill is a read-only security-audit guide for checking update signatures and does not show hidden code, credential access, persistence, or data-changing behavior.
This looks safe to install as a guidance skill. It may lead an agent to use curl and python3 to retrieve or parse public update-signature metadata, so review the target skill and any resulting recommendations before pinning versions or challenging a publisher.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
55/55 vendors flagged this skill as clean.