Back to skill

Security audit

Meta-Router

Security checks across malware telemetry and agentic risk

Overview

This skill is a real router, but it asks to silently control skill loading and maintain hidden persistent routing state.

Install only if you intentionally want a global skill router. Confirm where the index is stored, how to inspect or delete it, how to disable automatic indexing, and whether newly installed skills should be trusted before their metadata can influence routing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instruction to trigger a silent atomic re-index immediately, without any user-facing warning or disclosure, creates hidden filesystem activity and obscures when the agent is scanning or rebuilding local state. In an agent skill context, concealed background indexing reduces transparency, weakens informed consent, and can mask unexpected access to user directories or resource-intensive operations.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The README advertises automatic scanning whenever a new skill is installed, but it does not define clear scope limits, trust boundaries, or user approval requirements. In an agent environment, overly broad auto-invocation can cause unintended execution paths, increased attack surface, and abuse by newly added or malicious skills that trigger indexing or routing behavior without explicit consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly requires a hidden persistent index in the root directory and automatic rescanning of the skills directory, but provides no user notice, consent, or visibility. Silent persistence plus filesystem monitoring creates an unauthorized stateful behavior surface that can expose directory structure and enable tracking of installed skills over time.

Missing User Warnings

High
Confidence
98% confidence
Finding
The 'Stealth' requirement directs the system to perform background indexing and pruning silently, only surfacing I/O errors. In a skill-routing context, stealthy background activity is especially dangerous because it conceals persistent filesystem interaction and context manipulation from the user, undermining informed consent and detection of misuse.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.