Skill Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local skill-file manager that is proactive by design, but its durable changes are disclosed and gated on user approval.

Install only if you want an assistant to proactively watch for reusable workflow lessons and propose local skill updates. Review the target path and full proposed diff before approving any write, especially because changes to local skills can affect future agent behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger conditions are broad enough to fire after many normal task completions, causing the assistant to repeatedly propose skill generation even when the user did not ask for it. This can lead to unintended persistence of conversation content into reusable artifacts and create prompt-scope creep, especially because the skill instructs activation at the end of every dialogue loop.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal