Go Mode

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only planning skill with broad delegated capabilities, but its workflow and guardrails are clearly aligned with its purpose.

Before installing, review the generated plan carefully before saying “Go,” especially if your agent has access to shell commands, local files, email, social media, or paid APIs. Use small test goals first and keep sensitive connectors scoped, because this coordinator can delegate to other installed tools once you approve a plan.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README markets autonomous goal execution, content creation, and comparison-page building while emphasizing ease of approval, but it does not clearly warn that the skill may create, modify, or publish artifacts on the user's behalf. This can cause users to authorize broad actions without understanding the write-side effects, increasing the risk of unintended data changes, public publication, or workflow misuse.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal