Lean Context

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only token optimization skill, with one caution-worthy tip about disabling confirmations but no hidden code or automatic behavior.

Safe to install as a reference-style skill. Do not treat its confirmation-bypass flag suggestion as a default practice; keep approvals enabled for file changes, commands, credentialed tools, or external actions unless the workflow is sandboxed, low risk, and explicitly pre-approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill recommends `--no-ask-user` / `--allow-all` flags as a way to reduce confirmation round-trips, which encourages bypassing human approval safeguards without explaining the security tradeoff. In agentic environments, this can materially increase the risk of unauthorized or destructive actions being executed automatically.

VirusTotal

65/65 vendors flagged this skill as clean.
