Read Policy

Security checks across malware telemetry and agentic risk

Overview

The available evidence shows a read-only policy lookup helper, not a skill that grants itself approval authority.

This looks safe to install based on the provided evidence. Before using it, verify that `scripts/read-policy.sh` only reads the intended local policy file and does not modify settings or expose policy contents to external services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: ## Commands - Read one policy key `{baseDir}/scripts/read-policy.sh get "auto_approve"` - List all policy keys `{baseDir}/scripts/read-policy.sh list`
Confidence: 85% confidence
Finding: auto_approve

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal