Ai Company Cho 2.0.0

Security checks across malware telemetry and agentic risk

Overview

This HR governance skill is coherent and not malicious, but it requests broad authority over sensitive personnel workflows without clear operational limits.

Install only if you intend to use it as a high-authority HR governance assistant. Keep it advisory by default, restrict file paths/API endpoints/MCP recipients, and require explicit human approval before personnel decisions, compensation changes, data sharing, file writes, or inter-agent delegation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The trigger list includes broad HR terms such as '绩效体系' (performance system), '激励体系' (incentive system), and '人力资源官' (HR officer) that could activate the skill during ordinary discussion rather than on explicit invocation. Because the skill has elevated capabilities and governance authority, accidental invocation could expose sensitive HR workflows, route data to subagents, or cause unintended policy-generation actions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill requests read/write file access, network API access, and session/subagent capabilities, yet the document does not clearly disclose when data may be written, transmitted, or delegated. In an HR/governance context, this is especially risky because tasks may involve sensitive personnel, performance, or compliance data, so users may unknowingly authorize broad handling of confidential information.

VirusTotal

64/64 vendors flagged this skill as clean.
