LaunchFast PPC Research

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform Amazon PPC keyword research and create a local spreadsheet-style export, which matches its stated purpose.

Install only if you are comfortable with the skill using LaunchFast keyword research and creating a TSV export in your Downloads folder. Check the output filename before rerunning so you do not overwrite a prior export.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to write a file directly to ~/Downloads without clearly disclosing this behavior upfront in the skill description or obtaining explicit confirmation immediately before the write. Unannounced filesystem writes can surprise users, overwrite expected files, or normalize unsafe agent behavior around local file creation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal