Auto Continue

Security checks across malware telemetry and agentic risk

Overview

This skill mostly checks task status, but its README also tells the agent to keep working through testing and publishing without a fresh user confirmation.

Review carefully before installing. The checker script itself appears limited to local status inspection, but the documentation may cause an agent to continue editing, testing, updating progress, and publishing work without asking you first. Use it only if you are comfortable with that workflow or can enforce explicit approval before external or irreversible actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The README explicitly instructs the agent to keep acting without waiting for further user confirmation, including testing and publishing steps. That increases the chance of unauthorized or unintended side effects because impactful actions may be taken based only on inferred task state rather than fresh user approval.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal