Back to skill

Security audit

Agent Conductor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed orchestration guide for delegating coding work to sub-agents, with no evidence of hidden, destructive, or data-stealing behavior.

Install this only if you want your agent to delegate coding, scripting, and batch-processing tasks to other local coding agents. Confirm the target files, working directories, and expected outputs before launching background or tmux/screen runs, and monitor them so they do not keep changing files or consuming resources longer than intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This markdown file instructs the orchestrator to route implementation work including file changes, scripts, and data processing to sub-agents, which can affect user data and system state. Although these actions are described as the skill's purpose, the document does not include an explicit warning or caution section about potential side effects, destructive outcomes, or the need for user confirmation before execution.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The execution mechanism recommends foreground, background, and detached long-running execution modes for sub-agent commands. These modes can continue running and changing files or processing data without immediate supervision, but the markdown does not warn users about reviewing commands, monitoring progress, or stopping unintended actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.