Security audit

AI Company Governance

Security checks across malware telemetry and agentic risk

Overview

This is a governance playbook rather than malware, but it grants broad agent, file, command, web, logging, finance, and provisioning authority without enough concrete user-control boundaries.

Install only if you want a broad multi-agent company-governance framework and will supervise it closely. Before using it for real operations: restrict the shell, write, web, and inter-agent tools to what the workflow actually needs; require explicit human approval for agent creation, permission changes, financial actions, and external messages; and define where audit logs are stored, who can read them, how sensitive fields are redacted, and when records are deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers
Severity: Medium. Confidence: 90%.

The trigger phrases are extremely broad (e.g., AI company, governance, strategy, risk, standardization) and are likely to activate in ordinary enterprise discussions unrelated to this skill's intended scope. Overbroad activation increases the chance the skill is invoked unexpectedly with powerful tools available, which can lead to inappropriate workflow execution or expansion of privileged behavior.

Missing User Warnings
Severity: Medium. Confidence: 94%.

The skill declares access to write, exec, and web_search alongside messaging, but the description presents this as a governance framework without clearly warning users that system-impacting actions may occur. In practice, this can mislead users into invoking a policy/coordination skill that also has code execution and file modification capability, increasing the risk of unintended local changes, command execution, or data exfiltration.

Missing User Warnings
Severity: Low. Confidence: 87%.

The audit log format explicitly captures timestamps, agent IDs, decisions, stakeholders, and outcomes, which may include sensitive operational, financial, legal, or personal data. Because the skill description does not provide privacy guidance, minimization rules, access controls, or consent/retention caveats, it creates a realistic risk of overcollection and long-term storage of sensitive information.

Missing User Warnings
Severity: Medium. Confidence: 90%.

The skill specifies automated treasury actions such as 'automatic short-term wealth management' ('自动短期理财') and 'automatically reallocate funds into high-yield products' ('自动调拨高收益产品') without an explicit user-facing warning, approval gate, suitability constraints, or loss/liquidity disclosures. In a CFO governance skill, these instructions could be implemented by downstream agents as autonomous movement of funds into financial products, creating material risk of unauthorized investment, liquidity shortfalls, or regulatory violations.

Missing User Warnings
Severity: Medium. Confidence: 90%.

The document defines an automatic recruitment flow that can be triggered by a user request and ultimately leads to workspace creation, permission configuration, and registry updates, but it does not require explicit authorization, human approval, or user-facing disclosure before those state-changing actions occur. In a governance skill, this is dangerous because a simple prompt could cause privileged provisioning behavior, expanding system capabilities or access without adequate consent and control.
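The overview's mitigation (restrict tools, gate agent creation, permission changes, financial actions and external messages behind explicit approval, and define how audit records are redacted and expired) and the findings on unrestricted write/exec access and on the over-collecting audit log all describe one control: a policy gate in front of every tool call that writes a minimised record. The following is an added example of such a gate, written for this audit; it is not code from the audited skill. The tool names mirror those the skill declares (write, exec, web_search, messaging); the action classes, the policy table, the approval callback, the redaction pattern and the sample calls are assumptions for illustration.

```python
"""Tool-call approval gate plus audit-log minimisation for an agent skill.

Added example for this audit, not the audited skill's own code. The action
classes, policy table, approval callback and sample calls are assumptions.
"""
import hashlib
import re
import time
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable


class Decision(str, Enum):
    ALLOW = "allow"
    NEEDS_APPROVAL = "needs_approval"
    DENY = "deny"


# Per-tool policy (constructed). Anything not listed is denied by default,
# so a new tool added to the skill manifest gains no authority silently.
TOOL_POLICY = {
    "read": Decision.ALLOW,
    "web_search": Decision.NEEDS_APPROVAL,
    "write": Decision.NEEDS_APPROVAL,
    "messaging": Decision.NEEDS_APPROVAL,
    "exec": Decision.DENY,
}

# Action classes that must always have a human in the loop, whatever tool
# carries them out (the four classes named in the overview).
GATED_ACTIONS = {"create_agent", "change_permissions", "move_funds", "send_external"}


@dataclass
class ToolCall:
    agent_id: str
    tool: str
    action: str
    args: dict = field(default_factory=dict)
    stakeholders: list = field(default_factory=list)


def classify(call: ToolCall) -> Decision:
    """The more restrictive of the tool policy and the action-class rule wins."""
    base = TOOL_POLICY.get(call.tool, Decision.DENY)
    if base is Decision.DENY:
        return Decision.DENY
    if call.action in GATED_ACTIONS:
        return Decision.NEEDS_APPROVAL
    return base


# Audit-log minimisation: pseudonymous identifiers, argument keys only,
# redacted free text, and an explicit expiry stored on every record.
_SENSITIVE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+|\b\d{12,19}\b")  # e-mails, account-like numbers


def pseudonym(identifier: str, salt: str = "replace-with-deployment-secret") -> str:
    return hashlib.sha256(f"{salt}:{identifier}".encode()).hexdigest()[:16]


def redact(text: str) -> str:
    return _SENSITIVE.sub("[REDACTED]", text)


def audit_record(call: ToolCall, decision: Decision, outcome: str, retention_days: int = 90) -> dict:
    now = int(time.time())
    return {
        "ts": now,
        "agent": pseudonym(call.agent_id),
        "tool": call.tool,
        "action": call.action,
        "arg_keys": sorted(call.args),  # keys only, never argument values
        "stakeholders": [pseudonym(s) for s in call.stakeholders],
        "decision": decision.value,
        "outcome": redact(outcome),
        "expires_at": now + retention_days * 86400,
    }


def gate(call: ToolCall, approve: Callable[[ToolCall], bool],
         run: Callable[[ToolCall], str], log: list) -> str:
    """Execute a tool call only if policy allows it or a human approved it."""
    decision = classify(call)
    if decision is Decision.DENY:
        log.append(audit_record(call, decision, "denied by policy"))
        raise PermissionError(f"{call.tool}:{call.action} denied")
    if decision is Decision.NEEDS_APPROVAL and not approve(call):
        log.append(audit_record(call, decision, "rejected by approver"))
        raise PermissionError(f"{call.tool}:{call.action} not approved")
    outcome = run(call)
    log.append(audit_record(call, decision, outcome))
    return outcome


def demo() -> tuple:
    """Constructed calls: a CFO agent moving funds, an HR agent provisioning an agent."""
    log: list = []
    deny_all = lambda call: False  # stand-in for a real approval UI
    fake_run = lambda call: "ok: contact cfo@example.com, acct 123456789012"
    results = {}
    for call in (
        ToolCall("cfo-agent", "write", "move_funds", {"amount": 50000}, ["cfo@example.com"]),
        ToolCall("hr-agent", "exec", "create_agent", {"name": "intern-7"}),
        ToolCall("hr-agent", "read", "list_roles"),
    ):
        try:
            results[(call.tool, call.action)] = gate(call, deny_all, fake_run, log)
        except PermissionError as err:
            results[(call.tool, call.action)] = str(err)
    return results, log
```

The gate is deliberately fail-closed: an unlisted tool is denied, `exec` is denied even for gated actions rather than escalated to approval, and the audit record never stores argument values, raw identifiers, or unredacted outcome text, so the log itself cannot become the exfiltration channel the findings warn about.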

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.