Handbuilt Pottery Pit Firing Basics

Security checks across malware telemetry and agentic risk

Overview

This is a pottery-planning skill that discloses its filesystem logging and does not contain executable code or hidden behavior.

Install only if you are comfortable letting the agent create and update local pottery project records, including clay-source notes, schedules, and firing logs. Use a dedicated folder, avoid sharing precise GPS details if unnecessary, and independently verify local fire rules, soil safety, and food-use safety before making functional ware.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The skill explicitly states it will maintain filesystem-based logs, inventory trackers, and firing schedules, but it does not clearly warn users that local project data will be written and retained. While the data described is not highly sensitive by default, unannounced local writes can still create privacy surprises, leak location or schedule details, or cause unintended persistence on shared systems.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal