Nm Conserve Agent Expenditure

Security checks across malware telemetry and agentic risk

Overview

This appears to be an informational helper for reviewing multi-agent efficiency, with only a minor concern that its activation wording is broad.

This should be reasonable to install if you want guidance around multi-agent efficiency reviews. Be aware it may trigger more often than a narrowly named skill, so verify that it is relevant when it appears in adjacent workflow or efficiency conversations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The manifest includes a free-form natural-language trigger, "evaluating parallel agent efficiency or after a multi-agent run," which is broader and less predictable than specific keyword-style triggers. This can cause the skill to activate in loosely related contexts, increasing the chance of unintended invocation and prompt-surface expansion, though the content of this skill is informational rather than directly privileged or code-executing.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal