Partycraft
Security checks across malware telemetry and agentic risk
Overview
PartyCraft is a coherent local event-planning skill, but its shell script handles user input in a way that can execute unintended local Python code.
Review before installing or using. The skill appears local-only and not deceptive, but avoid entering untrusted or pasted text into event names, guest names, task text, IDs, or budget fields until the script is fixed to pass arguments as data instead of embedding them in Python source. Delete ~/.partycraft/events.json when you no longer need the saved planning data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
38/38 vendors flagged this skill as clean.