requirement-clarifier

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill asks the agent to clarify requirements before implementation and does not show hidden execution, data access, persistence, or external communication.

Install this if you want the agent to pause and clarify software requirements before coding or design work. Expect more clarification questions on development tasks, but the reviewed artifact does not disclose or implement hidden commands, credential access, persistence, or external data handling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The activation condition is broad enough to trigger on a large share of normal development requests ('开发、修改、分析或设计'), which can cause the skill to intercept tasks unexpectedly and alter agent behavior without clear scoping. In an agent environment, over-broad auto-activation can create prompt-routing confusion, unnecessary blocking loops, or denial of expected task execution until the user answers clarifying questions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal