Nm Scribe Tech Tutorial

Security checks across malware telemetry and agentic risk

Overview

This is a tutorial-writing skill with only Markdown instructions; its main caveat is a broad activation trigger and guidance to test tutorial code in a real environment.

Install this if you want help writing developer tutorials. Treat any command the skill asks to test as normal code execution: review it first, prefer a clean sandbox or container, and avoid running untrusted snippets against sensitive projects or credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The manifest lists "tutorial" as a standalone trigger without additional context or constraints. Because many ordinary user requests may mention tutorials generally, this broad trigger can cause unintended activation compared with a narrower phrase tied to technical tutorial drafting.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal