llm-wiki

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only skill for maintaining an LLM-assisted wiki; its main risk is broad local wiki edits, which fit the purpose but should be user-scoped.

Install only if you want an agent to help maintain a local markdown or Obsidian wiki. Use it on a specific vault or directory, keep version control or backups, and ask for a proposed change list before large ingest, lint, or wiki-wide update operations. Treat any optional external tools, plugins, or links as separate opt-in decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The skill file includes unsolicited promotional/contact information in Chinese that is unrelated to the documented wiki functionality. In an agent skill context, this is risky because it introduces extraneous author-directed content that could steer users off-platform, create trust confusion, or serve as a channel for social engineering even if it is not executable code.

VirusTotal

66/66 vendors flagged this skill as clean.
