Psyvector Pv31

Security checks across malware telemetry and agentic risk

Overview

This skill does not install code or request system access, but it presents itself for crisis or emergency use while explicitly lowering caution and disabling risk reminders.

Review this skill carefully before installing or using it. It appears to be a persona prompt rather than software with device access, but its emergency-response framing and disabled risk reminders make it unsuitable as a substitute for emergency services or qualified medical, legal, financial, or operational judgment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly sets `risk_reminder` to `False` while presenting itself as an emergency/crisis-response persona with a very low `caution_coefficient` of 0.1. In a high-stakes context, suppressing risk reminders can push operators toward fast but insufficiently checked actions, increasing the chance of unsafe decisions during incidents.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal