Back to skill

Security audit

Work Productivity SkillScan Security Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

This is not malicious, but it needs review because its English security-gate purpose conflicts with broader Chinese and README instructions that could activate too widely or provide a weaker workflow than users expect.

Review before installing. The skill has no executable malware indicators and VirusTotal/static scan are clean, but its scope should be tightened: align all language versions to the same security-review workflow, remove generic triggers, and disable or constrain implicit invocation unless activation requires an explicit skill-security-review request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest advertises a security review workflow, but the actual skill body describes a broad demand-validation and productivity helper. This mismatch can cause users or orchestrators to invoke the skill under false assumptions, leading security-sensitive tasks to be handled by a prompt that is not scoped, constrained, or validated for security review behavior.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The body content documents a general-purpose workflow centered on demand validation, planning, and productivity support rather than security review. In a security workflow context, this creates a capability confusion issue: users may rely on the skill for security gating even though its instructions do not enforce threat analysis, permission review, secret handling checks, or other expected security controls.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger sentences are highly generic and reuse broad natural-language fragments such as 'help me' and 'I need a practical workflow', which can cause the skill to activate outside its intended security-review context. In an agent environment, overbroad activation can route unrelated user requests into this skill, leading to incorrect task handling, unnecessary access to sensitive files, or bypass of more appropriate safeguards.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger phrases are generic natural-language prompts that can match ordinary user requests about workflows, bug fixing, and hardening, causing the skill to activate unintentionally. In a security-review helper, accidental activation can misroute user intent, apply the wrong workflow, or create confusing trust signals around security gating, making the issue more concerning than in a purely informational skill.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger keywords include very common terms such as 'security', 'must', 'pass', 'before', and 'activate', making accidental or overly broad activation likely. In an agent environment, this can cause the wrong skill to intercept unrelated tasks, resulting in misrouting, unintended prompt influence, or bypass of more appropriate specialized skills.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation description is broad and unclear, covering wide categories of requests for practical workflows, artifacts, analysis, or implementation support around loosely related keywords. This increases the chance that the skill activates outside its intended scope and influences tasks it was not designed to handle safely.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The example trigger phrases are generic and do not establish boundaries, so they reinforce broad matching behavior rather than safe, deliberate invocation. Without counterexamples or constraints, users and routing systems may treat loosely related wording as sufficient to activate the skill.

Vague Triggers

High
Confidence
94% confidence
Finding
The trigger sentences are broad, natural-language phrases that can match many ordinary user requests unrelated to this specific security workflow. That increases the chance the skill is invoked unintentionally, causing overbroad activation, user confusion, and possible interception of requests that should be handled by a different skill with different trust boundaries.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The keyword list includes highly generic terms like 'security', 'gate', 'every', 'must', 'pass', and 'bug fix', which are common across many unrelated conversations. In an agent-routing context, such generic triggers can cause this skill to activate outside its intended scope, creating prompt-routing ambiguity and increasing the chance of inappropriate access to sensitive user context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.