Security audit

AGENT-OS

Security checks across malware telemetry and agentic risk

Overview

This appears to be a broad workflow-orchestration skill, but the described behavior is disclosed and aligned with that purpose.

Install this if you want a general workflow orchestrator. Because its scope is broad, invoke it only for tasks where central routing, checkpoints, or multi-step coordination are actually needed, and keep final approval over any high-impact actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The description is extremely broad and positions the skill as an operating-system-like router for agent goals without defining narrow activation criteria or scope boundaries. In an agent ecosystem, this can cause over-invocation and privilege creep, making the skill more likely to intercept unrelated tasks and influence routing or verification decisions beyond its intended role.

Vague Triggers

Medium
Confidence: 90%
Finding
The overview states that the skill routes goals, executes with checkpoints, and verifies results, but it does not specify limits, authority boundaries, or conditions for use. Because this skill is framed as a central orchestrator, vague routing language is more dangerous here than in a narrowly scoped skill: it can become a catch-all controller that overrides safer, specialized handling.

VirusTotal

64 of 64 vendors reported this skill as clean.

Static analysis

No suspicious patterns detected.