Security audit
Qa Quality Metrics
Security checks across malware telemetry and agentic risk
Overview
The supplied scanner telemetry is clean, but the target skill files were not available for direct manual review in the workspace.
Because the target artifact text was not available for direct inspection, install only if the listing, publisher, and requested permissions match what you expect. Based on the supplied clean telemetry and absence of artifact-backed concerns, there is no reason to place this skill in Review or mark it malicious.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.