Claude Hemat

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed model-routing helper, with no evidence of hidden data access, persistence, credential use, or destructive behavior.

Before installing, understand that this skill may route more complex tasks to stronger and potentially more expensive models. Review the routing language if you need deterministic model-selection rules, especially for sensitive or cost-controlled workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 89%
Finding
The model-switching rules rely on subjective phrases such as 'pretty critical,' 'needs reasoning,' and 'extreme complex,' which can cause inconsistent escalation decisions across runs or operators. In a routing skill, this ambiguity can lead to under-escalation for sensitive tasks or over-escalation that leaks more task context than necessary to stronger models, reducing predictability and weakening security controls.

VirusTotal

66/66 vendors flagged this skill as clean.
