erebos

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple dark-theme helper that discloses a local shell script, and the reviewed script only prints mode messages with no hidden data access or persistence.

Install only if you are comfortable with a skill that requests shell execution. The current bundle appears benign, but review future updates to scripts/theme-gen.sh before running them because exec permission would allow a changed script to do more than this stub does today.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The manifest requests exec permission even though the documented purpose is limited to palette generation, preview, and token export. In agent environments, executable capability expands the attack surface significantly because any referenced script can invoke arbitrary commands, making a cosmetic/theming skill capable of unexpected system actions if compromised or modified.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The manifest requests the "exec" permission even though the declared purpose is limited to theme generation, token management, and runtime theme switching. Shell execution materially expands the attack surface because a compromised or malicious skill could run arbitrary system commands, and no justification for that capability is visible in this manifest.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal