Security Scanner

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate security-scanning skill, but users must only run its active scans against systems they own or are explicitly authorized to test.

Install only if you intend to perform authorized security testing. Treat every command as active probing: limit targets to owned or written-approved assets, prefer conservative scan options first, and avoid running examples unchanged against public third-party systems.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill provides actionable active-scanning commands for nmap, nuclei, nikto, sslscan, and testssl.sh without embedding strong, proximate safety gating before the commands. Although an ethics section exists, it appears after the operational instructions, making it easier for users or downstream agents to copy intrusive scans onto unauthorized third-party systems and cause legal, operational, or reputational harm.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal