Security audit

Brainstorming

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed design-planning workflow that reads project context and creates a committed spec, with no evidence of hidden exfiltration or destructive behavior.

Install this if you want a strict design-first workflow. Expect it to slow down even small feature changes, read repository context, create a spec file, and make a git commit for the design; review those changes before letting implementation proceed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The activation description is extremely broad ('before any creative work') and can match a wide range of normal development requests, causing this skill to trigger in many contexts where it is not needed. Overbroad auto-activation can steer agent behavior toward unnecessary file inspection, task creation, documentation, and workflow control, increasing the chance of unintended side effects and user friction.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill instructs the agent to write a design document and commit it to git as part of the required flow, but it does not require an explicit user-facing warning before modifying files or creating commits. This can lead to unauthorized workspace changes and version-control side effects, especially if the skill is auto-invoked from a broad trigger.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding
The visual companion flow says that upon approval the browser tab opens automatically, but the warning about this system action is minimal and buried in process instructions rather than framed as a clear operational consent step. Automatic opening of local browser UI is a side effect that should be explicitly disclosed immediately before execution.
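The three findings above share one pattern: a trigger that fires broadly, combined with workspace side effects (file writes, git commits, opening a browser) that the skill instructions do not pair with an explicit user warning. The following linter is an added example written for this page; it is not SkillSpector's code and does not reproduce the real skill file. It parses a constructed SKILL.md-style manifest (YAML front matter plus numbered steps, an assumed layout), flags broad activation phrases in the description, and flags each side-effecting step that has no consent or warning wording on the same line or the line before it. Severity mirrors the report's reasoning: a side effect is rated medium when the trigger is also broad, and the browser-open case stays low. The regexes and the two sample manifests are the example's own assumptions.

```python
"""Lint an agent skill manifest for overbroad triggers and undisclosed side effects.

Added example for this audit page; not SkillSpector's own analysis code.
The manifest layout (YAML front matter + numbered steps) and all regexes
are assumptions made for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample resembling the flagged skill (NOT the real Brainstorming file).
SAMPLE_SKILL = """\
---
name: brainstorming
description: Use before any creative work; refines ideas into a design.
---
1. Read the repository context.
2. Write the design to docs/plans/<date>-design.md.
3. Commit the design with `git commit`.
4. On approval, open the visual companion in the browser automatically.
"""

# Constructed hardened variant: narrow trigger, consent wording beside each side effect.
SAMPLE_SKILL_FIXED = """\
---
name: brainstorming
description: Use when the user explicitly asks for a design brainstorm.
---
1. Read the repository context.
2. Ask for permission, then write the design to docs/plans/design.md.
3. Warn the user, then commit it with `git commit`.
4. Confirm with the user before opening the companion browser tab.
"""

# "before any", "for all", "during every" ... : quantifier phrases that match almost any task.
BROAD_TRIGGER_RE = re.compile(r"\b(before|for|on|during) (any|all|every)\b", re.I)

# Instructions that change the workspace or the user's machine.
SIDE_EFFECTS = {
    "git_commit": re.compile(r"\bgit (commit|push)\b", re.I),
    "file_write": re.compile(r"\b(write|create|save)\b.*\.(md|txt|json)\b", re.I),
    "browser_open": re.compile(r"\bopen(s|ed|ing)?\b.*\b(browser|tab)\b", re.I),
}

# Wording that counts as an explicit user-facing warning or consent step.
WARNING_RE = re.compile(r"\b(ask|confirm|permission|consent|warn(s|ing)?)\b", re.I)


@dataclass
class Finding:
    kind: str
    severity: str
    detail: str


def parse_frontmatter(text):
    """Split '---' delimited key: value front matter from the step body."""
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    if not m:
        return {}, text
    meta = {}
    for line in m.group(1).splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            meta[key.strip()] = value.strip()
    return meta, m.group(2)


def _severity(kind, broad_trigger):
    # Auto-opening a local browser tab is a lesser side effect than
    # writing files or committing; the others escalate when the trigger is broad.
    if kind == "browser_open":
        return "low"
    return "medium" if broad_trigger else "low"


def lint_skill(text):
    """Return the list of Findings for one manifest, in document order."""
    meta, body = parse_frontmatter(text)
    findings = []
    description = meta.get("description", "")
    broad = BROAD_TRIGGER_RE.search(description) is not None
    if broad:
        findings.append(Finding("vague_trigger", "medium",
                                f"broad activation phrase in description: {description!r}"))
    lines = body.splitlines()
    for i, line in enumerate(lines):
        # A warning on the step itself or immediately before it counts as disclosure.
        context = (lines[i - 1] if i > 0 else "") + " " + line
        for kind, rx in SIDE_EFFECTS.items():
            if rx.search(line) and not WARNING_RE.search(context):
                findings.append(Finding(kind, _severity(kind, broad),
                                        f"step {i + 1} has no user warning: {line.strip()!r}"))
    return findings


if __name__ == "__main__":
    for f in lint_skill(SAMPLE_SKILL):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
    print("fixed manifest findings:", lint_skill(SAMPLE_SKILL_FIXED))
```

Run against the first manifest the linter reports the broad trigger plus three undisclosed side effects (file write, git commit, browser open); the hardened manifest produces no findings because each side effect is preceded by consent wording and the trigger is narrowed to an explicit user request. A real scanner would need an LLM-assisted or semantic pass on top of this, since keyword regexes are exactly what "Keyword Baiting" and "Hidden Instructions" patterns are designed to slip past.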

VirusTotal

63/63 vendors returned a clean verdict for this skill. Note that antivirus engines scan the skill's files for known malicious code and signatures; a clean VirusTotal result says nothing about instruction-level risks such as the trigger and consent issues listed in the findings above.

Static analysis

No suspicious patterns detected.