Task Automation Workflows

Security checks across malware telemetry and agentic risk

Overview

This is a plain automation guide with no executable install behavior, though its file, API, and scheduling examples should be used carefully.

Install if you want general automation examples. Before running generated scripts, use exact directories and trusted endpoints, prefer dry runs and backups for bulk file operations, review any scheduled job before enabling it, and do not send private data to external services unless that is the intended workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The API automation examples send arbitrary JSON payloads to user-supplied endpoints without any warning, validation, allowlisting, authentication guidance, or data-classification controls. In an automation skill, this is dangerous because users may adapt these snippets to transmit sensitive internal data to unintended or attacker-controlled services, normalizing exfiltration-prone patterns.

Missing User Warnings

Medium
Confidence: 87%
Finding
The scheduled-task guidance presents cron and continuously running automation patterns without warning that such tasks can repeatedly perform destructive file, system, or external actions once deployed. In the context of an automation skill, this increases risk because mistakes are amplified over time and may execute unattended, causing recurring damage or persistence of harmful behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
