Explain

Security checks across malware telemetry and agentic risk

Overview

This skill is a small explanation-style helper that only stores local preference notes, with no evidence of code execution, credential use, network transfer, or destructive behavior.

Install this if you are comfortable with the agent keeping local notes about your explanation preferences in ~/explain/memory.md. Review, edit, or delete that file if you do not want those preferences retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly persists user explanation preferences to `~/explain/memory.md`, which creates long-lived storage of behavioral/profile data without any notice, consent flow, retention limit, or deletion guidance. Even though the data appears low sensitivity, it can still reveal user interests, domains, and communication preferences over time, and the human-facing explanation context does not require indefinite silent persistence to function.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal