Farm Task Manager

Security checks across malware telemetry and agentic risk

Overview

This is a local farm task tracker with documented local storage, export, and delete behavior, and no evidence of hidden networking, credential access, or persistence beyond its task file.

Reasonable to install for local farm task tracking. Avoid storing secrets in task notes, and choose export paths deliberately because exports write files under your home directory and may overwrite an existing file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The security section makes contradictory safety claims by saying file operations are restricted to safe directories while also allowing the entire home directory. Allowing writes or reads under ~/ materially broadens access and can expose personal files, tokens, SSH material, shell configs, and other sensitive user data if path validation is incomplete or misunderstood.

Missing User Warnings

Medium
Confidence: 81%
Finding
The skill documents a destructive delete operation with no warning, recycle behavior, confirmation prompt, or recovery guidance. In an agent-driven environment, that increases the chance of accidental or automated data loss, especially if task IDs are guessed incorrectly or commands are issued non-interactively.

VirusTotal

64/64 vendors flagged this skill as clean.
