Back to skill

Security audit

Skill Installer

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward GitHub skill installer, but users should treat installed repositories as trusted code because they persist new agent instructions locally.

Install only from GitHub repositories you trust, especially when using private-repo tokens. Review the target skill's SKILL.md before installing, and remember that installed skills persist across sessions and can influence future agent behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation description is broad enough to match common user requests like installing or adding a skill from a GitHub URL, which can cause this skill to activate frequently in situations involving untrusted repositories. In this context, activation leads directly to network-based retrieval and local installation of persistent content, increasing the chance of importing malicious skills or unsafe instructions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.