Dark Factory Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks users to run an unreviewable setup step and enables broad multi-agent code automation across product repositories without adequate boundaries.

Install only after obtaining and inspecting the missing setup script, pinning any ChatDev dependency, and limiting the skill to sandboxed repositories or branches. Avoid production data, customer data, deployment credentials, and unattended schedules until approval gates, redaction, logging, retention, and stop controls are clearly defined.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill explicitly instructs the user to run a shell setup script but provides no description of what the script changes, which repositories it clones, which dependencies it installs, or what privileges it requires. In a security-sensitive context, encouraging direct execution of an opaque bash script increases the risk of unintended system modification, supply-chain compromise, or execution of harmful commands if the script or its dependencies are tampered with.

VirusTotal

65/65 vendors flagged this skill as clean.