Security audit

lv-guide-display

Security checks across malware telemetry and agentic risk

Overview

This is a messy calendar-helper skill with an overbroad trigger, but the artifact is only markdown and does not install code, request credentials, access private calendars, or run commands.

Install only if you are comfortable with a noisy calendar helper. The publisher should clean up the repeated metadata, narrow the trigger, and clearly disclose whether schedule management is only conversational or writes anywhere persistent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The manifest advertises a narrow read-only calendar lookup skill, but the body documents broader capabilities including schedule creation and management. This mismatch can mislead reviewers, users, and policy gates about what the skill can do, increasing the risk of unreviewed data-handling behavior or unintended privilege use.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The declared trigger says the skill should activate only for mentions of today's calendar, but the documented intents cover tomorrow, holidays, countdowns, and schedule management. This creates scope drift and can cause the skill to be invoked in contexts users did not intend, potentially exposing calendar or schedule functionality during ordinary conversation.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: A broad trigger like mentioning today's calendar is ambiguous and likely to overlap with normal conversation, causing accidental invocation. In an assistant environment, unintended activation can route user queries to this skill without clear consent or expectation, especially if the skill has broader behavior than advertised.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The repeated activation text reinforces an imprecise invocation condition but never defines limits, exclusions, or disambiguation rules. That ambiguity increases the chance of false activations and, combined with the documented expanded feature set, broadens the practical attack surface of the skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.