Tagout

Security checks across malware telemetry and agentic risk

Overview

This is a simple local tagout tracker; its main caveat is that deleting entries is immediate and permanent.

Reasonable to install if you want a local tagout tracker. Do not store secrets in entries, choose TAGOUT_DIR deliberately, back up records before using remove, and review exported CSV or JSON files before sharing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The remove command irreversibly deletes a line from the persistent data store using 'sed -i' with no confirmation, backup, or soft-delete behavior. In a safety-compliance tracking context, silent destruction of records can undermine auditability and operational safety, especially if an agent or user invokes the command accidentally or with a mistaken index.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal