Nm Pensive Math Review

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a math and scientific-code review helper whose local validation steps are disclosed and aligned with that purpose.

Install only if you want the agent to review math-heavy or scientific code and potentially run local tests or notebooks in the current project. Review generated command plans before execution, especially for notebooks or test suites that may run project code.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The manifest frames this skill as verifying math-heavy code for correctness, numerical stability, and standards alignment. However, the documented workflow instructs the agent to run shell commands (`git`, `pytest`, `jupyter nbconvert`) to inspect repo state and execute tests/notebooks, which is an operational capability not inherently justified by a narrowly scoped review skill description.

Vague Triggers

Medium

Confidence: 96% confidence
Finding: This markdown file includes frontmatter trigger phrases such as "math," "algorithms," "numerical," and "scientific," which are broad topic words rather than narrowly scoped invocation phrases. Without clearer constraints or exclusion examples, the skill could be invoked during normal conversation about these subjects rather than only when the user wants this specific review skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal