Ai Agent Tools Version Changelog

Security checks across malware telemetry and agentic risk

Overview

This is a simple markdown-only helper for checking public AI-tool release notes, with a minor risk that broad update wording could trigger it in the wrong context.

Before installing, know that the skill may fetch public GitHub release pages when update or version wording appears. Specify the exact tool for ambiguous requests, and treat the listed upgrade commands as references that should only run after explicit user approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrase “升级” (Chinese for “upgrade”) is overly broad because it can match many user intents unrelated to checking changelogs, such as upgrading software, dependencies, systems, or plans. This can cause the skill to activate in the wrong context and return misleading version guidance or upgrade commands, which is a security-relevant scope/control weakness even though the skill itself is otherwise read-only.

VirusTotal

64/64 vendors flagged this skill as clean.
