Automation Token Optimizer

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at token or automation analysis, but it may read sensitive local session prompts without clear consent or redaction controls.

Install only if you are comfortable with the skill reading local automation/session history. Before using it, ask it to start with aggregate token metrics only, avoid displaying full prompts by default, redact sensitive task names or business details, and request confirmation before opening individual high-consumption prompt records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs the agent to read a local SQLite database containing automation session metadata and then inspect high-consumption task prompts, which may expose sensitive prompt contents, task names, schedules, and business context. Because the instructions do not require consent, minimization, or redaction before accessing and reporting this data, the skill increases the risk of unnecessary disclosure of local sensitive information.

VirusTotal

61/61 vendors flagged this skill as clean.
