Back to skill

Security audit

Devrel Playbook

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Developer Relations playbook with no code, hidden behavior, credential access, or automatic actions.

This skill appears safe to install as a reference guide. Treat its moderation, event ROI, and reporting advice as business guidance that you would apply manually; it does not itself configure Discord/Slack, read private data, or take actions on your accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The entire skill description is written in Japanese and does not indicate that users may choose another language or that the skill is specifically intended only for a Japanese locale. Under the policy rule, forcing a specific language without user opt-in is a natural-language policy concern.

Natural-Language Policy Violations

Low
Confidence
86% confidence
Finding
This markdown file presents all instructions and guidance only in Korean, and there is no indication that the user can opt into another language or that the skill is intended exclusively for a Korean-speaking audience. Under the language/locale policy criterion, forcing a single language without opt-in can be a natural-language policy violation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.