Security audit

Network AI

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local orchestration helper that stores coordination and advisory permission state on disk, with no artifact evidence of hidden network, subprocess, or destructive behavior.

Install only if you want local multi-agent orchestration and are comfortable with persistent workspace files. Keep the data directory private, avoid putting secrets or personal data in permission justifications or project context, review project-context.json before injecting it into prompts, and treat generated grant tokens as advisory hints rather than real authorization.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 72% confidence
Finding: The skill instructs the agent to decompose complex requests into exactly three sub-tasks, which can drive unnecessary delegation and broaden the action surface regardless of user need. In an agentic environment, rigid forced orchestration can increase exposure to prompt-induced over-execution, extra file writes, and avoidable use of optional privileged components.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal