mycroft
Security checks across malware telemetry and agentic risk
Overview
This skill is a coherent ebook Q&A helper, with expected caveats around installing an external CLI, using an OpenAI API key, and storing book indexes locally.
Before installing, confirm @fs/mycroft is the package you intend to trust, use an OpenAI API key appropriate for this workload, avoid ingesting private or proprietary books unless external processing is acceptable, and require explicit confirmation before allowing an agent to run delete commands with --force.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.