Back to skill

Security audit

Auditor Qualification

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward auditor qualification matrix helper that creates user-requested report files and does not show hidden or harmful behavior.

Before installing, users should be aware that the skill may handle sensitive employee qualification records and generate local report files. Confirm where the files will be written and whether existing reports with the same names could be replaced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
95% confidence
Finding
The skill explicitly states it will generate `.md` and `.txt` files by calling `scripts/build_report.py`, but it does not clearly warn the user that local filesystem writes will occur or identify where those files will be created. This can lead to unexpected local file creation, overwrite risk, or confusion in environments where file writes are sensitive or restricted.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.