Name Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local name-generation helper with no evidence of network access, credential use, or destructive behavior, though one auxiliary script can save local entries and command history.

Install only if you are comfortable running local Bash/Python scripts. Use the documented scripts/name.sh commands for name suggestions, and avoid putting sensitive personal details into scripts/script.sh add/search unless you are comfortable with them being stored locally in the name-generator data directory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The _log function persists command activity and user-supplied arguments to a history file without explicit disclosure in the help output or any consent mechanism. In a skill context, silent persistence of potentially sensitive inputs can expose private data, especially if users pass names, identifiers, or other personal content assuming the tool is ephemeral.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The add command appends arbitrary user-provided content to a persistent database file, but the interface does not clearly warn that inputs will be stored on disk. This is risky because users may provide sensitive information under the assumption that the command is transient, creating unintended local data retention and possible later disclosure through list or export operations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal