Ai Agent Setup

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only consulting skill for discussing AI agent setup, with no code, credentials, persistence, or hidden system access.

Before using this skill for real deployment, separately confirm scope, pricing, authorization, credentials, testing, and rollback plans. Treat any later request for account access or production changes as a separate decision requiring explicit approval.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger condition, effectively 'when the user says they want to build an AI agent,' is broad enough to overlap with ordinary conversation and can cause the skill to activate without clear user intent to engage a paid setup/deployment service. Because the skill also includes quoting and deployment behavior, accidental invocation could steer users into commercial or operational actions they did not explicitly request.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The skill states it can deploy to customer platforms but does not warn users that deployment may affect live systems, permissions, integrations, or business operations. In a service-oriented skill, omission of this warning increases the chance that users authorize or expect operational changes without understanding the risks or required safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal