Back to skill

Security audit

Skill Creator

Security checks across malware telemetry and agentic risk

Overview

This skill helps create local skill-template files and does not show hidden credential, network, destructive, or background behavior.

Install this if you want an assistant to scaffold new skill directories locally. Choose the output path deliberately, review generated files before publishing, and be aware it may activate on broad requests phrased as creating or scaffolding a skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger phrases are broad enough to match many ordinary requests about creating, turning, or scaffolding workflows, so the skill could activate in contexts where the user did not intend filesystem changes or skill-authoring behavior. In an agent ecosystem, over-broad activation can cause the wrong skill to take control and perform code generation or file creation unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.