Hash Utilities

Security checks across malware telemetry and agentic risk

Overview

This is a small local hashing utility whose file access and HMAC handling match its stated purpose.

Reasonable to install for local checksum, hash verification, or HMAC tasks. Avoid using long-lived production secrets as HMAC keys unless necessary, and only ask it to hash files you explicitly want the agent to read.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger text in the skill description is broad and open-ended, covering many common hashing and integrity-checking requests without clear boundaries on when the skill should or should not activate. This can cause over-invocation, making the agent more likely to handle unrelated user input or sensitive material through the skill than intended, increasing the chance of misuse or unexpected behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal