Seismograph

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only code impact analysis skill that looks aligned with its stated purpose and does not ask for credentials, network access, persistence, or automatic changes.

Safe to install as an advisory analysis skill. Use it on repositories you are comfortable letting your agent read, and be aware that the broad 'simple change' trigger may cause the agent to run a more detailed impact review during ordinary engineering discussion.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrase "When someone says 'this should be a simple change'" is broad, conversational, and likely to appear in normal engineering discussion outside an explicit request to run this skill. That can cause accidental invocation, injecting large change-analysis behavior into unrelated conversations or workflows and increasing prompt-routing confusion in multi-skill environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal