Osop

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OSOP workflow helper with disclosed local workflow/log/report outputs and no bundled executable code.

Install only if you want OSOP workflow support. Treat generated .osop, .osoplog.yaml, and HTML reports as potentially sensitive because they may describe tasks, systems, failures, permissions, or secrets-adjacent workflow details. Review workflows before execution, especially steps involving CLI, databases, Docker, infrastructure, MCP endpoints, or external services, and verify that ~/.osop/config.yaml and OSOP_MCP_URL point to trusted locations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly describes generating `.osop` and `.osoplog.yaml` artifacts and converting them into standalone HTML reports, but it does not warn users that task details, execution history, secrets-adjacent metadata, or other sensitive workflow context may be written to disk and later shared. In a workflow/security-analysis skill, this is particularly relevant because logs and reports may contain operational details, permissions, infrastructure names, failure traces, or confidential process data that can be exposed unintentionally.

VirusTotal

63/63 vendors flagged this skill as clean.
