Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a coherent system health-check skill, but it gives broad diagnostic and remediation guidance around credentials, local state, and workspace files without consistently requiring user confirmation.

Install only if you want an agent to perform system-level diagnostics. Run it in report-only mode first, approve authenticated checks and remediation commands one by one, avoid printing secret values, and review any persistent tracking or heartbeat settings before enabling them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

High
Confidence: 92%
Finding
The trigger list includes broad, everyday phrases like "what's wrong," "diagnose," and "something feels off," which can cause the skill to activate in situations the user did not clearly intend. Because this skill performs self-diagnosis across workspace, configuration, skills, and integrations, unintended invocation could expose sensitive system state or initiate invasive checks beyond the user's expectation.

Missing User Warnings

Medium
Confidence: 93%
Finding
The remediation text instructs archiving or deleting memory files older than 30 days without an explicit warning to review contents, confirm retention requirements, or back up user data first. In an agent skill that may be followed operationally, this can lead to unintended loss of user-owned context or records.

Missing User Warnings

Medium
Confidence: 96%
Finding
The auto-fix template performs a bulk move of dated memory files into an archive directory automatically, but it does not warn that it modifies user data or require verification of what will be moved. Even though this is not deletion, silent relocation of memory artifacts can break workflows, hide important context, or cause effective data loss if downstream tools expect files in place.

Missing User Warnings

Medium
Confidence: 87%
Finding
The file recommends persistent storage of analysis history, including timestamps, categories checked, and issue counts, without a clear warning or consent flow for writing workspace data. Even if the data seems operational, accumulated history can reveal usage patterns, project structure, and security posture over time, creating avoidable privacy and information-disclosure risk.

Missing User Warnings

Medium
Confidence: 92%
Finding
Heartbeat-based recurring analysis introduces ongoing background activity and repeated data updates, but the file does not prominently warn users that this may run automatically on a schedule. In a skill that inspects workspace, config, skills, and integrations, silent recurring checks increase the risk of unexpected file churn, privacy surprises, and repeated access to sensitive project state.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instruction to write to `memory/health-status.md` after each run describes automatic modification of user workspace files without a prominent warning or explicit consent requirement. In this skill context, that is more concerning because the skill already operates across system health, configs, and integrations; silent writes can mislead users about what the agent changes and create persistent artifacts containing potentially sensitive operational summaries.

VirusTotal

62/62 vendors flagged this skill as clean.
