Back to skill

Security audit

Performance Profiler

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real performance profiling skill, but it needs review because its examples can run arbitrary benchmark commands and stress services without clear safety limits.

Review the skill before installing. Use it only on code, hosts, and services you own or are authorized to test; avoid production targets unless formally approved; start with low concurrency and short durations; and do not let the agent benchmark commands derived from untrusted text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill provides multiple load-testing recipes using curl, ab, wrk, and autocannon, but does not warn that these commands can degrade or disrupt real services if run against production or third-party targets. Because this is an operational skill intended for broad use, omission of safety boundaries increases the chance of accidental denial-of-service behavior by a user following the instructions verbatim.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.