Back to skill

Security audit

Metrology Management

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed metrology ledger/reporting assistant with only minor file-output caveats.

Before using it, confirm where reports will be written and whether existing metrology_report files may be overwritten. Optional Word or Excel exports should only be generated after you ask for them, as the skill describes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
89% confidence
Finding
The skill explicitly instructs running a report-generation script that writes output to the user's current working directory, but it does not clearly warn about file creation or possible overwriting/clutter side effects before doing so. While this is not code execution by itself, implicit filesystem writes can surprise users, create unintended artifacts, or overwrite existing similarly named reports in the active directory.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.