ts5

Security checks across malware telemetry and agentic risk

Overview

This skill is a small TypeScript starter helper whose disclosed shell script currently only prints status messages and does not access secrets, modify files, call the network, or persist anything.

Reasonable to install based on this version. Review future updates before using --deploy, because the skill requests shell execution and a later version could replace the current echo-only script with real deployment or file-changing commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The manifest requests the broad "exec" permission for a starter-kit/template skill, which enables arbitrary shell command execution when the skill is run. In a template/monorepo setup context, this is riskier than necessary unless narrowly justified, because consumers may import and trust the skill as boilerplate while it can invoke local commands or scripts on the host.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly advertises a one-click deployment flow and provides a concrete `--deploy` command, but it does not include any warning, confirmation step, scope limitation, or explanation of what systems or environments may be affected. In an agent-invocable skill with `exec` permission, this can normalize running deployment commands that may modify infrastructure, publish code, or impact production data without adequate operator awareness.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal