Dlazy Grok 4.2

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed third-party Grok text/chat skill, with the main caution that its broad triggers could route ordinary prompts to dLazy unexpectedly.

Install only if you trust dLazy with prompts and any files or context you intentionally provide. Prefer invoking it explicitly for Grok 4.2 tasks, avoid using it for sensitive private content unless you accept the external processing, and review how its API key is stored or revoked before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger keywords are generic terms like "generate text," "qa," and "chat," which are likely to match normal user requests unrelated to this specific skill. That can cause the agent to invoke this third-party SaaS skill unexpectedly, sending user prompts or referenced inputs to external endpoints when the user did not clearly intend to use dLazy/Grok 4.2.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal