Back to skill

Security audit

Find Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent skill-discovery helper, but it can steer broad everyday requests into globally installing third-party skills with confirmation disabled.

Review search results and the target skill source before installing. Only allow installation after you have approved the exact skill and whether it should be global; avoid using silent -y installs for untrusted third-party skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The top-level description triggers on very broad phrases like 'how do I do X' and 'can you do X', which are common in ordinary conversation and not specific to skill discovery. This can cause the skill to activate unexpectedly and steer the agent toward searching for and potentially installing external skills when the user did not clearly request package discovery.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation guidance includes vague prompts such as 'how do I do X', 'can you do X', and 'mentions they wish they had help', all of which overlap with normal assistant usage. In context, this increases the chance of unnecessary invocation and may route users into an external package-installation workflow without clear intent or informed consent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to offer installation using `npx skills add <owner/repo@skill> -g -y`, which performs a global install and suppresses confirmation prompts, but it does not require a warning about third-party code provenance, trust, or review. In a skill-discovery context, this is especially risky because the workflow moves directly from search results to installation of externally sourced packages, increasing the chance of installing untrusted or malicious content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.