Security audit
Supplier Risk Scorecard
Security checks across malware telemetry and agentic risk
Overview
This is a bounded supplier-risk scorecard skill with no executable code, no persistence, and no hidden data access.
Safe to install for structured procurement risk reviews. Users should avoid sharing unnecessary personal data, credentials, or raw internal exports, and should treat the scorecard as decision support rather than legal, sanctions, or compliance clearance.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
