Text

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only text-processing skill with disclosed examples, but users should be careful with commands that edit files or read .env files.

Safe for normal text work. Before installing, understand that an agent may run some examples as shell commands; confirm the exact target files, avoid in-place edits unless you have a backup or version control, and treat .env or config files as sensitive because they may contain secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill includes an in-place editing command (`sed -i`) that modifies files directly without any warning, backup guidance, or safer preview alternative. In an agent skill context, users or downstream automation may copy these commands verbatim, causing unintended irreversible changes to important text files, especially during preprocessing workflows.

VirusTotal

66/66 vendors flagged this skill as clean.
