Startup

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only startup advice skill with no code or credential access, though it may route work to multiple specialist agent roles.

Reasonable to install for startup strategy and operations help. Be mindful that complex requests may be split across specialist agent roles, so avoid sharing unnecessary confidential legal, financial, hiring, or fundraising details, or ask for a single-agent response when needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill activates on an extremely broad condition: effectively any time a user requests help, it instructs the system to spawn specialized agents. This can cause unnecessary delegation, overreach into many unrelated domains, and unexpected handling of ordinary requests, increasing the chance of unsafe or inappropriate agent use across sensitive areas like legal, finance, or hiring.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal