CEO Master

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate CEO/metrics orchestration skill, but it needs Review because it encourages recurring business-state changes and external Telegram reporting without tight user-control boundaries.

Install only if you want an agent to maintain ongoing CEO records and prepare business reports. Before enabling it, set explicit approval rules for Telegram messages, Google Sheet access, spending, trading-related actions, customer-facing outreach, public posting, and persistent updates to CEO or learnings files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

High
Confidence: 87%
Finding
The file explicitly claims the CEO-agent 'does not execute' while other sections instruct it to perform concrete actions such as running scripts, updating files, and sending reports. This contradiction can bypass operator expectations and lead to unexpected autonomous actions under a seemingly advisory skill, increasing the chance of unreviewed file modification or outbound messaging.

Intent-Code Divergence

Medium
Confidence: 84%
Finding
The 'runs this rhythm every week without exception' language encourages autonomous scheduled behavior even though the skill is a markdown policy document, not a trusted scheduler. In practice, this can cause the agent to take recurring actions, modify workspace state, and communicate externally without a fresh user request or explicit automation boundary.

Vague Triggers

Medium
Confidence: 81%
Finding
The invocation criteria are extremely broad—covering planning, prioritization, performance review, high-stakes decisions, and scaling—so the skill can activate for many ordinary business prompts. Overbroad triggering increases the chance that a high-authority skill with write access and Telegram behavior is used unexpectedly, amplifying downstream risky actions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to send weekly reports and escalation alerts via Telegram, which can transmit business metrics, performance data, and strategic decisions to an external channel. Without an explicit warning, consent flow, or data-minimization rules, this creates a clear confidentiality and inadvertent data-exfiltration risk.

VirusTotal

64/64 vendors flagged this skill as clean.
