Back to skill

Security audit

Tool

Security checks across malware telemetry and agentic risk

Overview

This is a text-only advisory skill for choosing and evaluating software tools, with no code, installs, credentials, persistence, or hidden high-impact actions found.

Safe to install as general decision-support content. Treat its recommendations as advice rather than authority, especially before adopting paid tools, automations, AI products, or workflows that involve business data, compliance requirements, or account access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is extremely broad and can plausibly match a wide range of user requests about software, productivity, workflows, and AI tools. In agent systems that use descriptions for routing, this can cause over-invocation or inappropriate selection, increasing the chance the skill handles requests outside its intended scope and influences decisions without sufficient specialization or safeguards.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal