DTEK Light

Security checks across malware telemetry and agentic risk

Overview

This skill runs a disclosed local Playwright script to check one public DTEK outage page, with no evidence of credential access, persistence, destructive behavior, or data exfiltration.

Install only if you are comfortable with a local Node.js/Playwright script launching Chromium and contacting DTEK's public outage page for the fixed Odesa address. Review or edit the response wording before using it in a shared, Ukrainian-language, or professional setting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases are short, generic, and likely to match ordinary user conversation, which can cause the skill to activate unintentionally. That can lead to unexpected external browsing/execution behavior and irrelevant or disruptive responses, especially because the skill launches a local script that queries a third-party site.

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The skill hard-codes Russian response templates and does not adapt to the user's language or locale, which can produce misleading, inaccessible, or inappropriate output for users speaking Ukrainian or another language. In this context, the issue is amplified by the inclusion of abusive phrasing, increasing reputational and usability risk even if it is not a direct system-compromise vector.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal