Recipes

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward recipe organizer that saves recipes locally and may fetch recipe pages when given URLs.

Before installing, expect the skill to create or update files in ~/recipes/ and to contact external recipe websites when you provide a URL. Use it for recipes you are comfortable storing locally, and ask the agent to confirm before saving or fetching if that matters to your workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly says to create `~/recipes/` and save user-provided recipes, but it does not say to obtain user confirmation before making filesystem changes. That can lead to unexpected file creation or persistence of sensitive personal content on disk, especially if the skill activates on loosely phrased recipe-related conversation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill states that a URL should be fetched and extracted without warning the user about network access. Fetching arbitrary user-supplied URLs can expose metadata, trigger requests to internal or sensitive endpoints in some environments, and surprise users who did not expect external network activity.

VirusTotal

66/66 vendors flagged this skill as clean.
