Back to skill

Security audit

Log Pii Redactor

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only log redaction guide with no executable payload, but users should avoid giving it raw production logs or unrelated wallet/payment permissions.

Use this skill for log PII and secret redaction tasks, preferably with synthetic or minimized log samples. Do not paste live credentials, large raw production logs, PHI, or payment data unless that handling is explicitly intended and controlled. Review any generated scanner or pipeline config in staging before enforcing CI failures or production log filtering, and decline any unrelated wallet, purchase, or OAuth permissions if the installer surfaces them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill’s activation scope is overly broad because its description and 'Use when asked' text match many generic requests about logs, audits, compliance, or pipeline design. That can cause the agent to invoke this skill in situations where narrower or more appropriate skills should apply, increasing the chance of unintended behavior, over-collection of user context, or unsafe configuration advice being applied outside the intended logging-redaction domain.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.