Naming And Domains

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only naming and domain checklist with no code, hidden access, credential use, or automatic actions.

Safe to install as a planning guide. Users should still personally review domain purchases, social-handle claims, and trademark decisions before spending money or relying on legal conclusions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list contains broad, common phrases such as 'business name', 'product name', and 'domain name' that may match many ordinary conversations and cause the skill to activate unexpectedly. Over-broad invocation can route unrelated user requests into this skill, increasing the chance of unintended guidance, privacy leakage into external naming/domain workflows, or interference with more appropriate skills.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal