Uxc Skill Creator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent helper for creating UXC wrapper skills, and its remote probing, auth checks, and validation script are disclosed and fit that purpose.

Safe to install for creating UXC wrapper skills. Use it with provider endpoints you trust, review OAuth or API-key scopes before connecting accounts, and remove local UXC links you no longer need.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The default prompt tells the model to use this skill whenever creating or refining UXC-based wrapper skills, but it does not define clear activation boundaries, approval conditions, or limiting criteria. Overly broad invocation language can cause the skill to be selected in unintended contexts, increasing the chance that remote-tool wrapper generation, validation logic, or policy guidance is applied where it is unsafe or inappropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal