Criticism Self Criticism

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only self-review skill with broad review triggers but no code execution, data access, persistence, or hidden behavior.

Install this only if you want an explicitly Chinese-language, Maoist-framed self-review methodology to influence review and retrospective workflows. It appears technically low risk, but teams should decide whether the framing and broad activation language fit their norms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger conditions are very broad and can match many routine completion, review, or feedback situations, causing the skill to activate far outside narrowly intended use. In an agent system, this can steer behavior frequently and disproportionately, especially because the skill promotes a specific ideological review framework that may override more task-appropriate guidance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal