Scamper

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward SCAMPER brainstorming skill with only a disclosed, confirmation-based note-appending workflow.

Install this if you want SCAMPER-style brainstorming help. Be aware it may offer to add generated ideas to notes/ideas.md, so review and approve those additions only when you want them saved.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill’s trigger description is broad enough to activate on common brainstorming or idea-expansion requests, which can cause the agent to invoke this skill in situations where a more specific or safer workflow should apply. Overly broad routing increases the chance of unintended behavior, user confusion, and accidental interference with unrelated tasks, especially because phrases like being 'stuck' or asking to 'develop an idea' are common across many contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal