Impostor Hunt

Security checks across malware telemetry and agentic risk

Overview

This is a code-review helper, but it can trigger broadly and runs a nested reviewer with unusually broad local authority by default.

Review this skill carefully before installing. It is most appropriate for trusted development workspaces where you want automatic closeout review. Consider disabling yolo/full-access mode and fallback reviewers unless you explicitly want diffs and possibly untracked file contents reviewed by those tools.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs autonomous invocation based on very common completion phrases such as 'done', 'finished', or 'all tests pass'. Because these cues are broad and likely to appear in ordinary development conversation, the skill can trigger unexpectedly and perform unsolicited auditing, creating scope creep, user surprise, and possible disclosure of contextual inferences the user did not request.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The markdown doubles down on 'fire without permission' using broad completion cues and loosely defined context recovery. This increases the chance of unintended activation in unrelated tasks and makes the agent act on inferred user goals rather than confirmed ones, which is a control-boundary problem even if the intended behavior is helpful.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal