editor-classify-and-parse

Security checks across malware telemetry and agentic risk

Overview

This skill only guides an agent to classify and summarize script text, with no code execution, persistence, network use, or credential access.

Safe to install for Chinese-language script classification workflows. Users working in other languages should verify outputs carefully or add language-handling guidance, but the skill itself does not ask the agent to modify files, run commands, store data, or contact external services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 92% confidence
Finding: The skill is written entirely in Chinese and does not provide any language negotiation, fallback behavior, or a documented reason for restricting interaction to Chinese. This can cause the agent to ignore or mishandle user input in other languages, leading to incorrect classification/parsing results and unreliable downstream workflow decisions.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal