Back to skill

Security audit

PlanSuite

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward planning helper that writes local markdown planning files, with no evidence of exfiltration, destructive behavior, or hidden persistence.

Install if you want an agent planning workflow that records progress in local markdown files. Review the generated task_plan.md, progress.md, and findings.md during use, and be aware that parts of the skill may instruct the agent in Chinese, which could make behavior less clear if you do not read Chinese.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The skill description/body contains Chinese-only operational instructions without any indication that the user requested Chinese or can opt out. This can degrade user control and transparency, causing the agent to respond in an unexpected language and increasing the chance the user misses important planning, execution, or safety details.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.