Matrix Mentions Patch

Security checks across malware telemetry and agentic risk

Overview

This is a narrow, instruction-only skill for manually patching a Matrix mention bug, with no executable payload or hidden automation.

Use this only if you intend to manually patch your local Matrix extension. Before applying it, verify the target file and actual agent ID, note or back up the original line for rollback, and restart the gateway only when a short interruption is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs the operator to directly modify a live source file under a local installation path and restart the gateway, but it provides no warning about service disruption, rollback, backup, or validation steps. Even if the patch goal is legitimate, these actions can break the running system, introduce configuration-specific errors, or cause downtime if applied incorrectly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal