Back to skill

Security audit

Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for Nostr identity setup, but it directs an agent to publish a public identity and create a sensitive secret key during installation without a clear confirmation step.

Install only if you want the agent to create and publish a public Nostr identity. Confirm the profile name, bio, relays, wallet settings, and first note before setup runs, protect the generated nsec like an account password, and consider pinning or reviewing the GitHub source instead of installing `@latest`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.