Back to skill

Security audit

spec-task

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, instruction-only task-management workflow that creates local task files and optional memory archives, with no hidden executable code or network behavior found.

Install only if you want a strict task-management workflow. Expect it to create local project task documents and, when archived, memory summaries or lessons; review archive settings and avoid putting secrets or sensitive task details into task summaries, outputs, history, or lessons.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The archive section instructs the skill to write task data into broader workspace memory/history locations outside the immediate task artifact directory. This expands the skill from scoped task management into persistent cross-task storage, which can leak sensitive task context, create unintended retention of user data, and violate least-privilege expectations if used on confidential work.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The schema includes generation of persistent 'lessons' files in shared workspace memory, but that capability is not necessary for basic task lifecycle enforcement. Because lessons can summarize prior tasks and outputs, this creates a durable knowledge accumulation channel that may store sensitive information, influence future tasks, or enable data propagation well beyond the original task's purpose.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.