Bayesian reasoning

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Bayesian reasoning helper that runs a local calculator and only saves analysis files when the user chooses to save.

Reasonable to install for Bayesian probability analysis. Before using the save option, confirm the filename and folder, and avoid saving sensitive hypotheses or evidence in shared or synced directories.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The manifest description uses broad trigger phrases like 'reason about probabilities' and 'learn Bayesian thinking interactively,' which can match many ordinary requests and cause over-invocation. In skill-routing systems, this can unexpectedly activate the skill in unrelated contexts, increasing the chance of unintended tool use or persistence behaviors being introduced into normal conversations.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill directs saving JSON output to the current working directory without requiring a clear user confirmation about file creation path, filename, or local persistence. This can lead to unexpected data retention, accidental overwrites, or writing potentially sensitive analytical content to a location the user did not intend.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal