Superpowers Overview

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only overview skill that points agents to development workflow skills and does not itself run code, install software, collect data, or request credentials.

Installing this overview skill is reasonable if you want structured development workflow guidance. Review the referenced companion skills separately before allowing branch changes, command execution, or subagent delegation, since those capabilities are outside this overview artifact.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The manifest description uses a very broad activation trigger ('when starting any development work or when unsure which skill to use'), which can cause the skill to be invoked in many routine contexts. In an agentic system, overly broad routing increases prompt-surface exposure and can steer sessions into this methodology even when a narrower, safer, or more relevant skill should apply, potentially disrupting intent or causing inappropriate delegation/workflow changes.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal