Zero to One

Security checks across malware telemetry and agentic risk

Overview

No malware or exfiltration signal was provided, and the only noted issue is broad activation wording rather than harmful behavior.

Install only if you want the assistant to proactively apply startup and Zero to One-style framing. If it activates in unrelated technology or business conversations, narrow or remove the generic trigger phrases.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill's trigger conditions are extremely broad, matching generic startup and technology terms that are likely to appear in many unrelated conversations. This can cause unintended invocation, leading to context hijacking, user confusion, and overexposure of the skill's prescribed behavior such as forced onboarding and watermarking.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal