Security audit

Axiomata Skill Evaluator Zh

Security checks across malware telemetry and agentic risk

Overview

This skill is a self-contained skill-quality evaluator that reads local skill files and prints reports, with no evidence of network access, credential use, persistence, or destructive behavior.

Install only if you want a local skill-quality checker. Run it on specific skill directories by default, use --all only when you intend to scan sibling skill folders, and do not provide credentials because the artifacts do not need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases are broad and generic, such as terms equivalent to 'evaluate skill', 'improve skill', and 'check quality', which can overlap with ordinary conversation. In an agent environment, overly broad triggers can cause unintended activation of the skill, leading the agent to run evaluation workflows or recommend script execution in contexts where the user did not explicitly request it.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.