Back to skill

Security audit

Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent system health-check helper, but users should know it can inspect sensitive local configuration and suggest potentially impactful fixes.

Install this only if you want an agent to audit its local workspace, configuration, credentials, integrations, and operational state. Run it intentionally, review any proposed auto-fixes before applying them, and enable persistent tracking or heartbeat checks only if you are comfortable storing health summaries over time.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases include very broad everyday language such as 'what's wrong', 'diagnose', and 'something feels off', which can cause the skill to activate outside the user's clear intent for system self-diagnosis. Because this skill is designed to inspect the agent's own workspace, configuration, and integrations, accidental invocation could lead to unnecessary exposure of sensitive operational context or execution of intrusive checks.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The file instructs the system to write analysis results to persistent storage (`memory/health-status.md`) but does not clearly require an explicit user-facing notice or consent regarding retention. This can create privacy and data-governance issues because operational or security findings may accumulate over time in a way the user does not fully expect.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.