Conflict Manager
Security checks across malware telemetry and agentic risk
Overview
This skill is not shown to be malware, but it asks for repository write authority to perform real merges and pushes through HTTP endpoints without enough scoping or safety detail.
Review before installing. Only grant repo:write to repositories where automated conflict resolution is acceptable, and look for a complete implementation with authentication, default dry-run behavior, explicit user approval before merges or pushes, logging, and rollback guidance.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
No VirusTotal findings