Sales Helper

Security checks across malware telemetry and agentic risk

Overview

This appears to be a sales or advertising-planning helper with a broad activation scope, but there is no artifact-backed evidence of hidden access, data exfiltration, destructive behavior, or unsafe persistence.

Install this if you want an assistant to help with ads-sales, forecasting, CRM-style planning, revenue, or reporting tasks. Be aware it may activate on broad business terms, so users should invoke it intentionally for advertising or sales-planning work and verify any generated forecasts or CRM recommendations before acting on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger keywords are broad enough to match many ordinary business conversations, which can cause the skill to activate outside its intended context. Over-triggering is dangerous because it may insert sales/forecasting logic into unrelated user tasks, leading to inappropriate handling of user data, confused agent behavior, or unintended access to CRM-style inputs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal