Sell

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only selling guide that gives pricing, listing, platform, negotiation, and scam-safety advice without asking for credentials or running code.

Reasonable to install as a selling assistant. Review generated prices, listing text, platform choices, payment methods, and meetup plans before acting, and verify current marketplace fees and policies because they can change.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger set is broad enough to activate on common conversational requests like "how much is this worth" or "help me list," which can cause the skill to take over in situations where the user may not actually want marketplace-selling guidance. Over-broad activation increases the chance of unintended execution, context confusion, and unsafe downstream advice exposure, especially because this skill influences pricing, platform choice, and transaction behavior.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal