Visual Concept

Security checks across malware telemetry and agentic risk

Overview

This skill only turns user-provided or current conversation context into a visual concept guide and does not show file access, network use, or hidden execution.

Reasonable to install for visual concept planning. Be aware that it may synthesize the current conversation by default, so use explicit invocation or confirmation in sensitive discussions if you do not want the conversation transformed into a concept guide.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger condition allows activation not only on explicit invocation but also when 'deep technical insight emerges,' which is subjective and broad. In agent environments, vague auto-activation criteria can cause the skill to run unexpectedly on unrelated conversations, increasing unnecessary context exposure and reducing user control.

Natural-Language Policy Violations

Low

Confidence: 81% confidence
Finding: The trigger text specifies '明示呼出' as the explicit invocation phrasing, which introduces a language-specific invocation convention without indicating multilingual support or user choice. This can cause inconsistent behavior, accidental non-invocation, or bias toward a specific locale in mixed-language environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal