SkillNav

Security checks across malware telemetry and agentic risk

Overview

SkillNav is a focused search and briefing skill, with a disclosed but unpinned self-update command users should treat carefully.

Install only if you want SkillNav's Chinese AI/tool search features. Review any install commands shown in search results before running them yourself, and use `/skillnav update` only if you trust the GitHub repository, because it replaces the local skill instructions with whatever is currently on the remote main branch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
96% confidence
Finding
The `update` action runs `curl` against a remote GitHub URL and overwrites the local skill file in `~/.claude/skills/skillnav/SKILL.md` without any integrity check, pinning, confirmation, or warning that a local file will be modified. This creates a supply-chain and local integrity risk: a compromised upstream repo, network path, or unexpected invocation could replace the user's installed skill with attacker-controlled instructions.

VirusTotal

65/65 vendors flagged this skill as clean.
