First Aid

Security checks across malware telemetry and agentic risk

Overview

This is a simple local first-aid reference skill with no hidden access, credential use, network activity, or destructive behavior, though its emergency-number guidance is limited and should be treated carefully.

Reasonable to install as a local quick-reference tool, but do not rely on it as authoritative medical advice. In an actual emergency, call the correct local emergency number and follow professional dispatcher guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The script hard-codes emergency numbers for multiple regions without detecting the user's locale, asking for confirmation, or clearly limiting the guidance to specific jurisdictions. In a first-aid skill, presenting region-specific emergency contact information as a generic emergency command can misdirect users during a real emergency, causing dangerous delay or failed contact with emergency services.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal