Hiring

Security checks across malware telemetry and agentic risk

Overview

This is a transparent, documentation-only hiring guide, but users should set strict approval and spending limits before allowing any real-world hiring or dispatch.

Before installing or using this skill autonomously, decide what the agent may spend, which platforms it may use, whether it may hire or dispatch someone without fresh confirmation, what locations or personal data it may share, and how contractor records, task proof, credentials, and tax documents will be stored and deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The emergency-response section authorizes immediate dispatch with a 'break glass' budget but does not require strong confirmation of user authorization, privacy review, or safeguards against social engineering. In context, this skill enables real-world action by third parties, so weak controls can lead to unauthorized spending, disclosure of sensitive location or property information, and physical-world consequences.

VirusTotal

61/61 vendors flagged this skill as clean.
