Handoff Receiver

Security checks across malware telemetry and agentic risk

Overview

This skill is a focused local handoff workflow that reads and updates project handoff files without hidden networking, executables, credential use, or privilege escalation.

Install this if you want an agent to manage local project handoff state while resuming work. Before using it in a shared repo, make sure handoff files are version-controlled or otherwise recoverable, because the skill intentionally updates CURRENT pointers, INDEX.md rows, and handoff status fields.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to rewrite handoff files, move CURRENT pointers, and update INDEX metadata as part of normal execution without requiring explicit user confirmation at the point of modification. In a session-memory workflow, this can silently alter project coordination state, potentially overwriting authoritative handoff information or redirecting future agents based on stale or incorrect interpretation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal