Content Swarm

Security checks across malware telemetry and agentic risk

Overview

This content workflow is mostly coherent, but it should be reviewed because it can create local task files and guide public social posting under broad trigger phrases.

Install only if you want an agent to run a content-production SOP that may create files under ~/.workbuddy/tasks and prepare or initiate multi-platform posting. Before using it, require explicit confirmation before any filesystem write or public upload, and consider narrowing activation to the exact skill name or a dedicated command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Scope Creep

Severity: High
Confidence: 99%

Finding: The skill declares only file-read permission, but its documented workflow creates directories and writes multiple files under ~/.workbuddy/tasks. This creates a clear capability mismatch that can mislead operators, bypass expected permission boundaries, and normalize unauthorized local persistence by downstream tooling or users.

Intent-Code Divergence

Severity: Medium
Confidence: 95%

Finding: The profile states that external publishing requires confirmation, but later phases provide direct upload commands for multiple platforms without an enforced approval gate. This inconsistency can cause accidental outbound posting, reputational harm, and unauthorized dissemination if an agent follows the later procedural steps literally.

Vague Triggers

Severity: Medium
Confidence: 87%

Finding: The when_to_use field uses broad natural-language triggers such as 写文案 ("write copy"), 做内容 ("make content"), and 多平台分发 ("multi-platform distribution") that overlap with ordinary user requests. Overbroad activation criteria increase the chance this skill is invoked unintentionally, which is more dangerous here because the skill includes persistence steps and external distribution workflows.

Vague Triggers

Severity: Medium
Confidence: 90%

Finding: The trigger list mixes general topic keywords, platform names, and action phrases without clear invocation boundaries. That ambiguity can cause unintended routing into a high-privilege workflow that performs content generation, file persistence, and possible publication steps.

VirusTotal

64/64 vendors flagged this skill as clean.