Open Source

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only open-source advisory skill with disclosed local notes and no evidence of hidden execution or external data sharing.

Safe to install as an advisory skill. Before using its memory features, decide whether you want open-source preferences and project context saved under ~/open-source/, and avoid storing confidential business, security, or licensing details unless you intentionally want them reused.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The setup instructs the skill to activate whenever `~/open-source/` is missing or empty and to start helping immediately, which creates an implicit, environment-based trigger with weak user intent verification. This can cause the skill to engage in contexts the user did not explicitly request, increasing the risk of unwanted persistence, scope creep, and interference with unrelated conversations.

Vague Triggers

Medium

Confidence: 97% confidence
Finding: The proposed activation boundaries are still overly broad because they key off common phrases like 'open source', 'self-host', or 'contributor workflows', which can appear in ordinary discussion without indicating consent to invoke this skill. In this context, the instruction to store activation decisions in memory makes accidental triggering more dangerous by persisting behavior changes across sessions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal