PlanSuite

Security checks across malware telemetry and agentic risk

Overview

PlanSuite is a transparent file-based planning workflow that creates and updates local markdown planning files without evidence of hidden execution, data exfiltration, or destructive behavior.

Reasonable to install for structured project planning. Be aware it will create and maintain task_plan.md, progress.md, and findings.md in the active working directory, so avoid placing secrets or credentials in those files and check existing files with those names if the directory already uses them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 92%
Finding
The skill explicitly instructs the agent to create and continuously update multiple files in the current working directory, but it does not require clear user-facing notice or confirmation before modifying local state. This can lead to unintended file creation or overwriting in whatever directory the agent happens to be operating in, especially because the workflow frames file writes as mandatory and routine.

VirusTotal

66/66 vendors flagged this skill as clean.
