Huizai Error Guard

Security checks across malware telemetry and agentic risk

Overview

This error-recovery skill is mostly coherent, but its recovery command can stop all active agent sessions, not just its own work.

Install only where it is acceptable for a recovery action to interrupt active agent sessions. Before using it in shared or production workflows, require confirmation or authorization for flush/recover, restrict process killing to this skill's own spawned sessions, and define redaction rules for any saved error context or event metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The flush command is documented as an emergency stop for task handling, but it also iterates over and kills all active exec sessions globally. If this command is reachable by less-trusted callers, it becomes a broad denial-of-service primitive that can terminate unrelated work outside this task registry's scope.

Missing User Warnings

Medium
Confidence: 83%
Finding
This helper unconditionally sends task event data and arbitrary metadata to a remote session via sessions_send without any visible consent, disclosure, filtering, or minimization. If callers place sensitive values in meta or misuse sessionKey, the code can exfiltrate operational or user-related data to another session/channel with little transparency or control.

VirusTotal

66/66 vendors flagged this skill as clean.