agkan-skills

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill helps agents use the agkan task CLI; it can change or delete local task records, but that is disclosed and fits its task-management purpose.

Install this where you already trust the agkan CLI and understand which project database it will use. Before running delete commands, review the target task or tag first, and prefer status changes such as closed when you may need history later.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill documents destructive commands such as task and tag deletion with no warning about permanence, no confirmation expectation, and no guidance to verify the target before execution. In an agent-facing skill, this increases the chance that an automated or inattentive agent will delete project data from the SQLite task database unintentionally, causing workflow disruption or data loss.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal