Back to skill

Security audit

Shuxia Skill Library

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only meta-skill for improving other skills, with no executable code or hidden data access.

Install only if you want a meta-skill that helps review or strengthen other agent skills. Before use, update the hard-coded local pattern file path if it does not match your Codex skills directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The frontmatter description is broad enough to match many generic requests about creating, reviewing, or refining skills, which can cause this skill to trigger outside its intended niche. Over-broad activation is dangerous because it can inappropriately steer unrelated tasks into this meta-skill, creating instruction interference, misrouting, and reduced adherence to task-specific safety boundaries in other skills.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.