Xero
Security checks across malware telemetry and agentic risk
Overview
The available evidence shows a clean, coherent skill version with no artifact-backed signs of hidden or unsafe behavior.
This looks reasonable to install based on the available evidence, but still review the skill's visible instructions and any credentials or tools it asks you to use before running it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.