Cobot

Security checks across malware telemetry and agentic risk

Overview

This is a simple local cobot task log that writes, searches, deletes, and exports its own local entries, with no evidence of network access or hidden behavior.

Install if you want a local task log for cobot-related notes. Avoid storing secrets or sensitive operational data unless local persistence is acceptable, and use remove/export carefully because deletion is immediate and exports can copy saved entries into the current directory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 76% confidence
Finding: The skill advertises destructive functionality such as removing entries and modifying configuration without any warning, confirmation, backup guidance, or scope description. In an industrial/cobot context, silent deletion or misconfiguration could disrupt task records or operator workflows, increasing the chance of accidental data loss or unsafe operational confusion.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal