HardStop

Security checks across malware telemetry and agentic risk

Overview

HardStop is a disclosed safety-check skill that broadly reviews commands and sensitive file reads, with no evidence of hidden data access, exfiltration, or destructive behavior in the reviewed artifact.

Install this only if you want conservative guardrails that may interrupt normal command and file-read workflows. Review the separate Hardstop plugin before relying on hook behavior, and treat /hs skip or /hs off as sensitive actions because they temporarily reduce or disable the protection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The manifest description says to activate for any shell command or file read, which is broader than necessary and can cause the skill to attach to many ordinary interactions. In an agent system, overbroad auto-invocation can create prompt-surface expansion, unexpected blocking/bypass flows, and increase the chance that the skill's operational instructions are applied outside the intended context.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The trigger phrases are generic enough to overlap with ordinary conversation, which can cause unintended invocation and make the agent treat benign text as a live safety workflow. That broad matching is especially risky here because the skill also contains instructions to run local helper commands when activated with arguments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal