Slop Cop

Security checks across malware telemetry and agentic risk

Overview

This appears to be a visual review skill whose only noted issue is that some activation wording is broad, not that it performs unsafe actions.

Safe to install for visual asset or design review. Users should invoke it when they actually want an image, mockup, banner, icon, or visual choice evaluated, and should ignore it if it activates on non-visual deployment questions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrase "is this slop?" is broad and colloquial, so it can match many low-specificity user requests that are not clearly asking for this specialized image-audit skill. Over-broad activation increases the chance the skill is invoked in the wrong context, causing unnecessary tool use, misrouting, or the skill overriding a more appropriate domain-specific workflow.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The phrase "a second opinion on a visual choice before deploy" is ambiguous because many deployment-related choices are not strictly visual-design audits. This can lead to accidental invocation on loosely related requests, broadening the skill's effective scope and increasing the risk of incorrect routing or analysis without the required image/context inputs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal