Skill Shell

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill is mostly a safety checklist, but it also tells agents to persist ideas from untrusted skills into local workflow and memory files without clearly requiring user approval.

Use this skill for read-only review and recommendations. Before allowing it to update SOUL.md, AGENTS.md, TOOLS.md, or memory files, require explicit approval and inspect the exact proposed changes so untrusted skill instructions are not made persistent accidentally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The attribution block explicitly names Chinese-language authoring/context ('石屹', '加十', '为加十工作流设计'), which can bias the skill toward a specific locale or audience without an explicit user opt-in. In a gating/review skill, hidden locale assumptions can degrade usability, mislead users about expected language behavior, and reduce safe operation when users expect neutral, universally applicable instructions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal