Mingshu Classifier

Security checks across malware telemetry and agentic risk

Overview

This skill is a local, read-only file classifier whose sensitive file access is disclosed and aligned with its purpose.

Install only if you want a local agent to inspect filenames and supported file contents for privacy classification. Choose a narrow target directory, use --name-only when content inspection is unnecessary, and treat exported CSV/JSON reports as sensitive because they may reveal file paths and matched sensitive keywords.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The manifest includes broad trigger phrases such as file scanning, compliance checking, privacy assessment, and PII classification, which can overlap with common user requests and cause the skill to activate unexpectedly. In this context, accidental invocation is more concerning because the skill is designed to inspect directory contents and classify potentially sensitive files, so overbroad routing could expose private data or perform analysis the user did not intend.

VirusTotal

67/67 vendors flagged this skill as clean.
