Toon
Security checks across malware telemetry and agentic risk
Overview
This is an instruction-only skill for compressing JSON into TOON format, with no evidence of exfiltration, destructive behavior, or hidden execution in the reviewed artifact.
This skill appears safe to install as instructions, but verify the actual toon executable or the @toon-format/cli npm package before adding it to PATH. Use it for token-saving summaries of JSON, and request raw JSON when exact machine-readable output is required.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.