timeback-machine

Security checks across malware telemetry and agentic risk

Overview

This is a small rollback helper that prompts before restoring caller-provided in-memory state and shows no hidden network, credential, filesystem, or persistent behavior.

Before installing, verify the package identity and publisher because the display/package naming is not perfectly consistent. When integrating it, pass only the specific state you want to make reversible and avoid including secrets or unrelated private data in the saved state.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: This markdown file contains user-facing natural-language instructions and descriptions only in Chinese, including the title and feature explanation. Under the policy, forcing a specific language without user opt-in is a natural-language policy violation unless the locale constraint is explicitly documented and justified, which is not present here.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal