测试

Security checks across malware telemetry and agentic risk

Overview

This is a harmless placeholder/test skill, but it likely will not do useful work until its template text is replaced.

Safe to install from a security standpoint, but treat it as a placeholder. It should not be relied on for real work until the author defines concrete inputs, outputs, trigger conditions, and behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill's invocation section is entirely placeholder text and does not define concrete input boundaries, trigger conditions, or operational constraints. This ambiguity can cause the agent to be invoked in unintended contexts or with unsafe assumptions, increasing the risk of misuse, over-broad execution, or incorrect handling of sensitive tasks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal