Nm Abstract Hooks Eval

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for auditing hooks, with a minor over-broad trigger concern but no executable or hidden behavior found.

Install this as reference material for hook audits. Be aware it may activate on broad words like security or performance, and separately review any external Night Market or plugin tooling before installing it because those linked tools may have runtime behavior not present in this skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list includes broad terms such as "hooks," "evaluation," "security," and "performance," which are likely to match many normal user requests and cause this skill to activate outside its intended narrow audit context. Over-broad activation can route unrelated conversations into a security-evaluation workflow, increasing the chance of prompt hijacking, accidental instruction precedence, or unintended disclosure of workspace/context to the skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal