Agents Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks the agent to hand broad code-change authority to an automated background orchestrator with weak scoping and confirmation controls.

Install only if you intentionally want this skill to control code-change workflows through its orchestrator. Before running it, inspect the orchestrator script, run help or dry-run modes first, confirm the target repository/path, and avoid background execution until you trust its behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description presents the agent as an autonomous pipeline manager for the entire development workflow without defining clear trigger boundaries, authorization requirements, or scope limits. In an agentic system, this kind of broad invocation can cause unintended activation for high-impact orchestration tasks, leading to excessive autonomy, inappropriate task spawning, or execution outside the user's intended project scope.

Vague Triggers

Low

Confidence: 90% confidence
Finding: The launch command provides only a single example phrase for activating a powerful orchestrator but does not clearly state that activation must be limited to that exact form or equivalent validated commands. This ambiguity increases the chance that loosely similar requests could trigger the skill and start autonomous multi-agent workflows on unintended inputs or repositories.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal