Security audit
Skill
Security checks across malware telemetry and agentic risk
Overview
This skill appears purpose-aligned for Nostr identity setup, but it directs an agent to publish a public identity and create a sensitive secret key during installation without a clear confirmation step.
Install only if you want the agent to create and publish a public Nostr identity. Confirm the profile name, bio, relays, wallet settings, and first note before setup runs, protect the generated nsec like an account password, and consider pinning or reviewing the GitHub source instead of installing `@latest`.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
