skill-scanner
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed static reviewer for other skills and does not add hidden code, persistence, or privileged behavior.
This looks reasonable to install if you want an advisory static scanner for skills. Expect it to read pasted SKILL.md content, user-provided skill paths, or skill URLs when asked; avoid giving it files with secrets, and treat its reports as helpful guidance rather than a complete runtime safety guarantee.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.