physics-simulator

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only physics simulation skill with no included executable code, but users should verify the referenced script and API key before use.

Install only if you understand where scripts/physics_simulator.py will come from. Before setting SIMULATION_API_KEY, confirm the service it authenticates to and use a minimal-scope key.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill's 'When to Use' section is very broad, with phrases like 'physics related functionality' and 'Automating simulation tasks' that do not clearly bound the skill's purpose or safe operating context. Overly permissive triggers can cause the agent to invoke this skill in inappropriate situations, increasing the chance of unnecessary execution, misuse of external resources, or unintended handling of sensitive user data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal