Back to skill

Security audit

Content Repurposing Toolkit

Security checks across malware telemetry and agentic risk

Overview

This package is mostly an upsell page with off-platform payment/contact details and does not include the scripts and assets it advertises.

Review before installing. The skill appears non-destructive and has no executable code, but it is packaged as a toolkit while mainly advertising a paid off-platform version. Do not send payment or contact the listed channels unless you independently trust the publisher, and expect limited functionality from this installed package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The file presents itself as an operational skill but is largely an upsell page containing payment links, a Telegram contact, and cryptocurrency payment details instead of usable skill logic or bundled assets. This is dangerous because users and agents may trust the manifest description, attempt to invoke non-existent functionality, or be socially engineered into off-platform payment and contact flows based on misleading packaging.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill claims to include '3 Python scripts' and numerous content assets, but none are present in the provided file. This mismatch creates a deceptive supply-chain condition where users may rely on advertised automation that does not exist, and it can also be used to induce trust or payment under false pretenses.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.