Daily Backup

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Git workspace backup helper; it can commit and push workspace contents when configured, but that matches its stated purpose.

Install only if you want Git-based backups of the agent workspace. Before enabling cron or pushing, set AGENT_WORKSPACE explicitly, review changed files and .gitignore for secrets, and confirm the Git remote and SSH credentials point to a destination you control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly describes behavior that may initialize a Git repository, create commits, and push workspace contents without an explicit user-facing warning or consent checkpoint. In an automated cron context, this can exfiltrate sensitive code, secrets, or private work-in-progress to a remote repository, making the missing warning and approval gate a real security issue.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal