Back to skill

Security audit

Accountability

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate operations follow-up tracker, but it gives agents broad authority to maintain persistent tracking files and run stored check commands without clear approval boundaries.

Install only if you want an agent to maintain persistent operations follow-up files and help verify production-like checks. Keep FOLLOWUPS.md trusted, avoid secrets in check commands, require confirmation before running any stored command, and inspect any heartbeat or external automation before enabling it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill states that it will automatically maintain, move, and remove entries across ACCOUNTABILITY.md, FOLLOWUPS.md, and ARCHIVE.md, but does not prominently warn the user that file contents may be modified or deleted. In an agent setting, silent write/delete behavior can cause unintended state changes, loss of audit data in the working file, or modification of the wrong repository root if path assumptions are wrong.

Missing User Warnings

High
Confidence
97% confidence
Finding
The session-start protocol instructs the agent to read FOLLOWUPS.md and run stored check commands automatically. Because those commands may contain network access, shell pipelines, or credentialed operations using environment variables, this creates a command-injection and unintended-action surface where untrusted file contents can trigger execution at the start of every session.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.