AgentFolio

Security checks across malware telemetry and agentic risk

Overview

AgentFolio is a documentation-only registry helper: it ships no executable code and requests no hidden permissions. Users should still verify the install source and review anything they submit publicly before it is published.

This skill appears safe to install as a registry helper. Before installing, confirm which GitHub repository you intend to trust, because the docs mention two similar repo names. Before submitting an agent, review the screenshots, stats, links, and social posts you include, because those details may become public.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Severity: Low
Confidence: 92%

Finding
The manifest description, "Autonomous AI agent registry skill," is too generic and does not clearly restrict invocation to a narrow set of tasks. Overly broad descriptions can cause the orchestrator to route unrelated requests to this skill, increasing the chance of unintended data exposure, unsafe actions, or abuse through prompt/skill confusion.
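The check below is an added example, not SkillSpector's own scoring logic and not code from AgentFolio. It implements a simple heuristic for the "Vague Triggers" pattern described above: a description is flagged when it is short, made up mostly of generic marketing terms, names no concrete action, or states no explicit scope limit. The only text taken from the page is the quoted manifest description; the narrowed alternative description, the term lists and the thresholds are constructed for illustration.

```python
import re

# The description quoted in the finding above (the one real input here).
VAGUE_DESCRIPTION = "Autonomous AI agent registry skill"

# Constructed example of a narrowed description; not AgentFolio's actual text.
NARROW_DESCRIPTION = (
    "Registers, lists and searches agent entries in the AgentFolio registry. "
    "Use only when the user asks to publish an agent listing or look up an "
    "existing one; do not use for general coding, browsing or file tasks."
)

# Constructed word lists for the heuristic (assumptions, not a standard).
GENERIC_TERMS = {
    "autonomous", "ai", "agent", "agentic", "intelligent", "smart",
    "powerful", "skill", "tool", "assistant",
}
ACTION_VERBS = {
    "register", "registers", "list", "lists", "search", "searches",
    "publish", "publishes", "look", "fetch", "fetches", "validate",
    "validates", "submit", "submits",
}
# Phrases that bound when an orchestrator should route a request to the skill.
SCOPE_PATTERNS = [
    r"\buse (only )?when\b", r"\bonly when\b", r"\bdo not use\b", r"\bnot for\b",
]


def tokenize(text):
    """Lower-case word tokens; punctuation is dropped."""
    return re.findall(r"[a-z']+", text.lower())


def assess_trigger(description, min_words=8):
    """Return {'vague': bool, 'reasons': [...]} for a skill description.

    Each reason is one independent signal that the description would let an
    orchestrator route unrelated requests to the skill.
    """
    words = tokenize(description)
    reasons = []

    if len(words) < min_words:
        reasons.append(f"too short ({len(words)} words < {min_words})")

    substantive = [w for w in words if w not in GENERIC_TERMS]
    if words and len(substantive) / len(words) < 0.5:
        reasons.append("mostly generic terms")

    if not any(w in ACTION_VERBS for w in words):
        reasons.append("no concrete action verb")

    lowered = description.lower()
    if not any(re.search(p, lowered) for p in SCOPE_PATTERNS):
        reasons.append("no explicit scope limit (e.g. 'use only when ...')")

    return {"vague": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for label, desc in (("vague", VAGUE_DESCRIPTION), ("narrow", NARROW_DESCRIPTION)):
        print(label, assess_trigger(desc))
```

Run stand-alone, the script reports all four signals for the quoted description and none for the narrowed one. The point of the heuristic is not the exact word lists but the shape of a good trigger: a concrete verb, a bounded object, and a statement of when the skill must not be used.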

VirusTotal

66/66 vendors reported this skill as clean (no detections).
