Security audit
ts4
Security checks across malware telemetry and agentic risk
Overview
This skill is a small, disclosed testing helper with execution permission, but its included script only prints fixed status messages and shows no harmful behavior.
Install only if you are comfortable giving this skill local command execution permission. The current files look harmless and very limited, but the project has little external provenance and appears more like a placeholder than a full testing framework.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
