ab-test-setup

Security checks across malware telemetry and agentic risk

Overview

This is a plain A/B testing guidance skill with no executable code or credential access; its main caveat is broad activation wording.

Safe to install for A/B test planning. Review any `.agents/product-marketing-context.md` or `.claude/product-marketing-context.md` file before use if it contains sensitive business information, and be aware the skill may activate on generic experimentation words where a narrower skill might fit better.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The manifest description says to use the skill when the user wants to "plan, design, or implement an A/B test or experiment" and also when they mention generic terms like "hypothesis" or "test this change." Terms such as "hypothesis" and "test this change" are common across many workflows, making the activation scope broader and less specific than the skill's actual domain.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal