Standards Compliance Checker

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed construction-data compliance checker with filesystem access that fits its file-based validation purpose, though its validation coverage has some accuracy gaps.

Install only if you are comfortable allowing the agent to read and write the project files you explicitly provide. Treat results as advisory, especially for OmniClass coverage, and review export paths before writing reports.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The manifest description says the skill validates data against ISO 19650, IFC, COBie, and UniFormat standards, and the code additionally exposes OMNICLASS in the Standard enum. However, _load_rules defines rules for ISO 19650, IFC, COBie, UniFormat, and MasterFormat only; there are no OmniClass rules at all. This creates a capability/behavior mismatch because the documented standards coverage is broader than what the checker can actually enforce.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal