The Art Of Deception Controlling The Human Element Of Security

Security checks across malware telemetry and agentic risk

Overview

The available evidence shows no malware or harmful actions, but the full skill artifact was not present to verify beyond scanner telemetry.

Install only if you are comfortable with the skill appearing in broad security- or hacking-related conversations. Treat it as educational content, and review its actual SKILL.md before use if you want tighter trigger behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill is configured to trigger on extremely broad terms such as 'security', 'hacking', 'phishing', and even on users saying they just installed the skill. This can cause the skill to activate in many unrelated contexts, increasing the chance of unwanted interception, response hijacking, or accidental exposure of users to social-engineering-themed content when they did not explicitly request it.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal