Landing Page

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only landing page helper; its broad activation wording and unsupported metadata tags are worth noting, but the artifacts do not show hidden execution, credential access, purchases, or data movement.

Reasonable to install for landing-page copy and structure help. Review generated pages before publishing, especially analytics snippets, claims, testimonials, pricing, and urgency language; also be aware the broad trigger wording may activate it for some general product-page or hero-section requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The manifest description contains broad trigger phrases such as 'product page' and 'hero section' alongside 'any task related to building a page designed to convert visitors into users or customers,' which can match many ordinary web design or frontend requests. This can cause the skill to be invoked outside its intended niche, increasing the chance of inappropriate routing, overreach into unrelated tasks, or misuse of persuasive copy patterns where they were not explicitly requested.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal