Back to skill

Security audit

Customer Onboarding

Security checks across malware telemetry and agentic risk

Overview

This is a marketing-planning skill made of Markdown guidance only, with no executable behavior or hidden access.

Before using the generated onboarding plan, verify that any SMS, push, and email campaigns follow applicable consent, unsubscribe, quiet-hour, privacy, and marketing-law requirements. Also treat the crypto and purchase capability tags as metadata noise unless the publisher explains why they are needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly recommends SMS and push notifications for post-purchase messaging but does not mention obtaining valid consent, honoring opt-out preferences, or complying with applicable privacy and marketing communication laws. In a real implementation, users may operationalize this guidance as-is, creating legal, privacy, and trust risks through unsolicited or improperly governed messaging.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.