Daily Review Dashboard

Security checks across malware telemetry and agentic risk

Overview

This skill is a local daily review dashboard helper that clearly says it will update review files, with no hidden code, network access, or credential use shown.

Install this only if you want an agent to maintain the local review_egg dashboard. Keep that folder private, avoid storing secrets in review text, and ask the agent to show the exact files or diffs before saving new daily reviews.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger list is broad enough to activate on loosely related user messages about trading mistakes, emotions, or sentiment tags, which can cause the skill to engage outside the user's precise intent. Because the skill performs writes across several personal review files, accidental activation could lead to unintended modification of sensitive journaling data and integrity issues in the review system.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly describes writing to multiple files containing personal review content, summaries, and dashboard data, but does not warn the user or require acknowledgement before modifying them. This increases the risk of silent or unexpected changes to personal records, especially when combined with the broad activation conditions and the self-contained dashboard data stored in HTML.

VirusTotal

64/64 vendors flagged this skill as clean.
