Security audit

Viral Content Expert

Security checks across malware telemetry and agentic risk

Overview

This content-generation skill is coherent overall, but it explicitly allows unattended scheduled generation and persistence-related actions without clear user approval controls.

Install only if you want an agent that can research current social-media trends and create ready-to-use content. Keep scheduled runs disabled unless you explicitly configure scope and cadence, review outputs before publishing, and require confirmation before writing files, downloading images, or deploying anything.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill describes automatic scheduled generation that reuses prior topics and produces content without manual triggering, but it does not mention user consent, visibility, or approval controls. This can lead to unexpected autonomous actions, privacy issues from carrying forward prior context, and unwanted content generation or publishing workflows.

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The skill instructs use of `file_write` to save outputs directly, but does not warn the user that files may be created automatically or explain where they will be stored. Even if the files are benign content assets, silent persistence can surprise users, clutter workspaces, or save sensitive prompts/results without consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.