Security audit

Loop Skill

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides unattended multi-repository agent automation, but it asks agents to read repositories, write planning files, and start persistent background loops with too little confirmation or scoping.

Install only if you intentionally want unattended multi-repository automation. Before using it, decide the exact root directory, review which repositories scan discovers, expect docs/loop-plan.md to be written or updated, and be prepared to stop the loop with the documented down command. Avoid pointing it at broad home or workspace directories containing private or unrelated projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (88% confidence)
Finding
The trigger phrases are broad enough to match ordinary requests about project advancement, background automation, or planning, which can cause the skill to activate in contexts the user did not specifically intend. Because this skill immediately drives unattended multi-repo orchestration and suppresses follow-up confirmation, accidental invocation can lead to unreviewed scanning, plan generation, and long-running background activity.

Missing User Warnings

Medium (95% confidence)
Finding
The skill explicitly promotes zero-human-configuration, unattended execution across multiple repositories, including repository-wide reading, writing planning documents, and starting a persistent background loop, but does not present an upfront warning about scope, persistence, or possible system and data impact. In this context, the danger is amplified by instructions like '禁止打扰用户' ("do not disturb the user") and 'up 成功后禁止反问' ("do not ask questions back after up succeeds"), which reduce opportunities for informed consent before potentially sensitive files are scanned or modified.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.