Back to skill

Security audit

Compliance Audit Reporter / 合规审计报告器

Security checks across malware telemetry and agentic risk

Overview

This is a small documentation-only compliance reporting skill with no installer or executable payload, though its described reports and SIEM exports may contain sensitive security information.

Safe to install from the inspected artifacts. Before using any SIEM export or audit report sharing workflow, confirm what fields are included, redact sensitive evidence, and limit scans to systems and compliance data you are authorized to assess.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises exporting compliance findings to SIEM platforms without warning that those findings may contain sensitive infrastructure details, security misconfigurations, evidence logs, or regulated data references. In a compliance-audit context, this omission is more dangerous because reports commonly aggregate high-value security metadata that could be over-shared to external systems or broader analyst audiences.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.