Korean Holiday CLI
Security checks across malware telemetry and agentic risk
Overview
The artifacts are coherent: a local Korean holiday and calendar CLI with disclosed dependencies, and no evidence of credential use, network activity, persistence, or destructive behavior.
Reasonable to install for Korean holiday and business-day calculations. Use a virtual environment, and pin or review the two PyPI dependencies if you need reproducible installs. The crypto, purchase, and credential tags in metadata do not match the code and should be treated as a labeling issue unless the publisher corrects them.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
67/67 vendors flagged this skill as clean.