Security audit

Npc Dialogue Rehearser

Security checks across malware telemetry and agentic risk

Overview

This is a local dialogue-drafting skill with confusing real-world versus tabletop roleplay framing, but no evidence of hidden access, persistence, exfiltration, or destructive behavior.

Before installing, be aware that the skill mixes real-life conversation rehearsal with tabletop NPC writing. Use it as drafting support, not as advice for coercion, manipulation, harassment, or serious legal, medical, violent, or power-abuse situations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The skill is presented as a real-world conversation rehearsal tool, but the usage scenarios pivot into tabletop RPG NPC and villain dialogue generation. This mismatch can cause the agent to activate in unintended contexts, weakening safety controls and making downstream behavior less predictable, especially where the skill claims to avoid manipulation but includes adversarial-style dialogue generation examples.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The usage guidance is broad and internally inconsistent, mixing support for real-world sensitive conversations with roleplay-adjacent NPC framing. Ambiguous scope increases the chance of the skill being invoked for manipulative, coercive, or otherwise unsafe dialogue coaching because the trigger conditions are not tightly bounded.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal