Back to skill

Security audit

Momentum and Form

Security checks across malware telemetry and agentic risk

Overview

The available signals do not show malicious behavior, but the referenced skill artifact was not present in the workspace for full independent review.

Before installing, review the actual skill package if you need strong provenance assurance, especially because the referenced artifact was not available in this workspace. Based on the supplied clean VirusTotal result and the low-risk SkillSpector note, there is no concrete evidence requiring Review or blocking installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Low
Confidence
81% confidence
Finding
SQP-3 applies to all file types and covers language or locale policy violations. This markdown example includes extended Chinese passages and pinyin/Chinese-script chapter names as part of the instruction content, but does not indicate user opt-in or provide an alternative mode for users who require English-only content.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.