Security audit

Qa Tech Selection

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide testing-tool selection guidance, with only a minor overbroad-trigger concern and no evidence of harmful behavior.

Install if you want help comparing or selecting testing tools. Treat its recommendations as advisory, and confirm that it is being used for testing or QA decisions when your request is only generally about tool choice or framework selection.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill’s activation criteria are broad and keyword-driven, so it may trigger for loosely related requests about 'tool choice' or 'framework selection' without sufficient validation of user intent. This can cause inappropriate skill invocation, leading to irrelevant guidance, context confusion, or accidental exposure to unnecessary web-sourced recommendations, though it does not by itself enable code execution or direct data compromise.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal