Security audit

安全技能插座 (Security Skill Socket)

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only security skill directory with disclosed routing and install examples, but users should confirm targets and review any skills before installing or updating them.

Install this as a directory for security skills, not as a guarantee that every downstream skill is safe. Confirm which skill should run, specify the target before scans or monitoring, review third-party skills before installing them, and use bulk updates only for sources you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium (91% confidence)
Finding
The trigger keywords for performance-related skills include broad everyday terms such as '性能', '优化', and '诊断', which can match many unrelated user requests. In a hub skill that routes to other capabilities, over-broad matching increases the chance of unintended invocation and can cause the agent to run tools or workflows the user did not actually request.

Vague Triggers

Medium (85% confidence)
Finding
The troubleshooting/research skill uses vague keywords like '常见问题', '故障', and '性能问题', which are not sufficiently bounded to a specific product or task. In a centralized dispatcher, this ambiguity can misroute benign conversations into a troubleshooting workflow, potentially exposing system context or causing unnecessary tool execution.

Vague Triggers

Medium (93% confidence)
Finding
Many listed security skills use broad single-word triggers such as '漏洞', '监控', '审计', '密钥', and '威胁', which are likely to appear in normal discussion. Because this file is a security skill hub that can route into scanning, monitoring, or audit functions, overly broad triggers materially raise the risk of accidental invocation of sensitive capabilities.

Missing User Warnings

Medium (95% confidence)
Finding
The documentation advertises commands for searching, installing, and especially bulk updating skills without warning about trust, provenance, or change-management risks. In a skill hub that can expand capabilities from external sources, this can lead to supply-chain exposure, unreviewed code introduction, or disruptive system changes if users or agents follow the documented behavior blindly.

VirusTotal

66/66 vendors flagged this skill as clean.
