Intelligent Delegation

Security checks across malware telemetry and agentic risk

Overview

This is a coherent delegation helper, but it should be reviewed because it encourages persistent scheduled checks and can understate the risk of irreversible tasks.

Install only if you want an agent workflow that may create persistent task logs, consult those logs later, delegate work to other agents, and schedule one-shot follow-up checks. Keep logs project-scoped, do not store secrets in TASKS.md or performance notes, approve any cron job before it is created, remove scheduled checks after completion, and require human approval for irreversible or high-impact actions regardless of the scoring tool's recommendation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 78%
Finding: The skill advertises workflow guidance but references verification actions that imply network-capable behavior, specifically checking whether localhost ports are alive. Even if limited to local services, undeclared capability expansion reduces transparency and can surprise users or policy systems that rely on declared permissions.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The documented purpose is delegation management, but the described tooling also performs filesystem inspection, SQLite access, and localhost service checks. This mismatch is security-relevant because users may install the skill for coordination features without realizing it can inspect local artifacts and query running services, creating an unexpected attack surface.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding: The skill instructs users to persist task state, results, and performance notes to TASKS.md and related memory files without warning that these records may contain sensitive prompts, outputs, identifiers, or operational context. In shared workspaces or long-lived environments, this can create an unintended data retention and disclosure risk.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding: The recommendation to schedule cron-based follow-up checks introduces autonomous background execution on the user's system without adequately warning about persistence, repeated execution context, or misuse if commands are misconfigured. Background schedulers can outlive the original task and may continue accessing files or services unexpectedly.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The fallback trigger includes a subjective condition: output is 'clearly wrong (empty, truncated, nonsensical)'. Because this is natural-language and not operationally defined, agents may reroute or retry inconsistently, which can cause incorrect recovery behavior, wasted execution, or unsafe delegation decisions in an autonomous workflow. In this skill's context, automated fallback chains amplify the risk because ambiguous failure detection directly controls when tasks are retried, escalated, or handed to different agents.

VirusTotal

65/65 vendors flagged this skill as clean.