Back to skill

Security audit

Skill Auditor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed skill-auditing helper that reads skill files, optionally edits them after user confirmation, and does not contain executable code or automatic publishing behavior.

Install only if you want an auditor that can inspect skill directories and, when you explicitly approve, edit audited skill files. For confidential or unpublished skills, skip or sanitize the optional SkillHub benchmarking step, and treat any publishing recommendations as a separate human decision.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The skill metadata explicitly says it must not be used for creating skills or publishing to platforms, yet this template includes workflow text that recommends manual publishing after remediation. Even if it does not auto-publish, it normalizes and steers the agent toward release decisions outside the declared scope, which can cause unsafe or unauthorized deployment guidance.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
This regression template goes beyond audit reporting and explicitly introduces a release-readiness gate plus next-step instructions to choose 'publish' and proceed in a publishing flow. That directly conflicts with the declared skill restriction and is more dangerous than a generic recommendation because it operationalizes a publish decision path that could be followed by an agent or user as authoritative guidance.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document instructs the auditor to query an external API using keywords derived from the skill name and function, but it does not warn that these terms will be transmitted to a third-party service. This can leak confidential or unpublished project details during an audit workflow, especially if the skill under review contains sensitive names, internal capabilities, or customer-specific terminology.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.