Security audit

Cold Process Soap Making Basics

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cold-process soap-making guide with real lye safety risks, but no hidden code, credential access, or unrelated agent behavior.

Install only if you are intentionally seeking cold-process soap-making help and can handle lye safely with accurate measurement, PPE, ventilation, and appropriate supervision. Treat the recipe and safety guidance as something to verify against reputable soap-making and chemical-safety references before physically mixing lye, and do not use this as a general emergency hygiene substitute when proper materials or safe working conditions are unavailable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation guidance is broad and framed around generalized hardship scenarios like supply shortages, grid-down conditions, and barter needs, which can cause the skill to be invoked in high-stress situations without adequate user readiness. In this context, overbroad triggering is risky because the skill directs hazardous lye-based chemical handling, so inappropriate invocation increases the chance of physical injury from caustic materials.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal