Investigation First

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent investigation-helper skill with a broad trigger, but no evidence of hidden installation, credential access, persistence, or destructive behavior.

Install if you want an agent to use a structured investigation workflow. Be aware that the trigger may be broad, so you may want to invoke it only for tasks that genuinely need evidence gathering or repository/file inspection.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill’s activation condition is very broad: it triggers whenever facts are incomplete, evidence is weak, or the domain is unfamiliar, which overlaps with a large share of ordinary reasoning and advisory tasks. This can cause the agent to over-invoke the investigation workflow, increasing prompt-surface area, tool use, and opportunities for unintended behavior or instruction interference, even though the content itself is not overtly malicious.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal