Performance Monitoring

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed performance-monitoring skill that records operational metrics and Feishu alerts, with no hidden installer, executable payload, or destructive behavior found.

Before installing, confirm the Feishu destination and who can access it. Configure the skill so only aggregate performance metrics are recorded, excluding prompts, secrets, user content, customer data, and sensitive task details. Review the hourly collection interval and 30-day retention setting for your environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly states that metrics are recorded to logs and Feishu tables, but it provides no data-classification, minimization, redaction, retention, or access-control guidance. In a monitoring context, logs and performance metrics can easily contain task metadata, memory statistics, timestamps, user-related operational data, or identifiers, so exporting them to a third-party collaboration platform can cause unintended data leakage or overexposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal