Nm Conserve Response Compression

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only response-compression skill with no code, credentials, persistence, or data access, though users should enable it only when concise answers are appropriate.

Install this if you want shorter, more direct responses. Avoid enabling it globally for teaching, sensitive advice, or complex debugging where careful uncertainty, context, and step-by-step detail matter.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list is broad enough to activate during ordinary discussion about tokens, efficiency, communication, or directness, which can cause the skill to steer responses outside the user's actual intent. In this skill's context, accidental activation matters because it changes response style globally and can suppress useful framing, safety reminders, or clarifying context in situations where brevity is not appropriate.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The instruction to remove hedging language and 'use factual statements' can pressure the agent to present uncertain conclusions as certain ones. In a general-purpose response-compression skill, this is dangerous because it can distort security advice, debugging guidance, and other high-stakes outputs by stripping necessary uncertainty markers that communicate limits of knowledge.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal