02 Script Generator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward short-drama script generator that sends the provided story/IP details to a configured model API, with no hidden persistence or system access found.

Install only with a model provider and API base you trust. Use a scoped API key where possible, and avoid submitting confidential unpublished IP, personal data, or proprietary story material unless the provider's data retention and training policies are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill sends the user-provided `ip_info` directly to an external chat completion API without any visible minimization, consent check, or disclosure mechanism. If `ip_info` contains sensitive personal, proprietary, or third-party content, this creates a real data-exposure risk because the data leaves the local trust boundary and is processed by a remote service.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal