Ram Review

Security checks across malware telemetry and agentic risk

Overview

This is a small persona-review skill with no executable code, but its trigger wording could be narrowed to avoid accidental activation.

Install this if you want a Ram-style persona to review work. Consider tightening the trigger phrase or requiring confirmation before session spawning if accidental persona handoffs would disrupt your workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrases are vague and include common natural-language expressions such as asking what Ram thinks or requesting an evaluation, which can cause the skill to activate when the user did not explicitly intend a persona handoff. Unintended invocation can disrupt user workflows, cause confusing context switches via session spawning, and make downstream behavior less predictable.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal