Security audit

Content Gen

Security checks across malware telemetry and agentic risk

Overview

This is a coherent content-generation skill, with the main caveat that user inputs may go to an external LLM when remote generation is used.

Install only if you are comfortable using an Anthropic API key and external LLM generation. Avoid submitting secrets, regulated data, or confidential customer notes unless your provider setup is approved for that data, and treat the neural score as drafting guidance rather than verified marketing proof.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The manifest requires `ANTHROPIC_API_KEY` and advertises LLM fallback/use, but the skill does not provide a clear user-facing warning that input content may be transmitted to an external API provider. In a content-generation skill, users may paste proprietary marketing plans, customer data, or sensitive business notes, so silent remote transmission creates confidentiality and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal