SKILL审查 (Skill Review)

Security checks across malware telemetry and agentic risk

Overview

This is a local skill-folder review tool with a disclosed, limited auto-fix mode: it creates standard subdirectories that are missing, but it shows no hidden, destructive, credential-access, network, or persistence behavior.

Install this only if you want an agent helper for reviewing skill directories. Use the read-only analyze command first, and run the review-loop mode only on a skill folder you are comfortable letting it modify (its disclosed write behavior is creating missing standard subdirectories).

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch (severity: Medium, confidence: 96%)

Finding: The skill is presented as a static reviewer, but its '自我迭代模式' ("self-iteration mode") instructs the agent to run a review-and-repair loop that automatically fixes issues until none remain. This expands the capability from analysis into autonomous modification, which can lead to unauthorized file changes, destructive edits, or repeated mutation of a target skill without explicit human approval of each change.

Vague Triggers (severity: Medium, confidence: 87%)

Finding: The trigger phrases are broad enough to match common user requests such as "improve" or "review" a skill, so this skill can activate outside its intended scope. In an agent system, over-broad routing can expose internal analysis or modification behavior unexpectedly and interfere with other skills, creating prompt-scope confusion and unsafe task-execution paths.
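Both findings above are the kind of check a static linter can reproduce from a skill's SKILL.md alone. The script below is an added example written for this page; it is not SkillSpector's or NVIDIA's code, and its word lists and regexes are illustrative heuristics, not the scanner's real rules. It parses a constructed SKILL.md (modelled on the finding, not the real skill's text) and flags generic trigger words in the description, a read-only description paired with a body that instructs fixing or looping, and hidden Unicode format characters of the kind used for "Unicode Deception".

```python
"""Minimal static checks for an agent skill file (illustrative example, not SkillSpector).

Flags three of the pattern classes listed on this page:
  1. Vague Triggers: generic verbs in the description that route on everyday requests
  2. Description-Behavior Mismatch: a self-described reviewer whose body instructs
     modification, optionally inside an autonomous repeat-until-clean loop
  3. Unicode Deception: zero-width / bidi format characters hidden in the text
"""
import re
import unicodedata

# Constructed sample modelled on the finding above; not the real skill's text.
SAMPLE_SKILL_MD = """---
name: skill-review
description: Use when the user wants to review or improve a skill.
---
# Skill reviewer
Analyze the target skill folder and report issues.

## Self-iteration mode
Run the review, fix every issue found, and repeat until no issues remain.
"""

# Hypothetical word lists; a real scanner would use a larger, tuned vocabulary.
GENERIC_TRIGGERS = ["review", "improve", "fix", "help", "check"]
READONLY_CLAIMS = re.compile(r"\b(review|analy[sz]e|inspect|audit|report)\b", re.I)
MODIFY_VERBS = re.compile(r"\b(fix|repair|modify|edit|rewrite|delete|create|overwrite)\b", re.I)
LOOP_WORDS = re.compile(r"\b(repeat|loop|until|iterate)\b", re.I)
HIDDEN_CATEGORIES = {"Cf"}  # Unicode "format" chars: ZWSP, ZWJ, RLO/LRO, etc.


def parse_skill_md(text):
    """Split a SKILL.md into (frontmatter dict, markdown body)."""
    m = re.match(r"---\n(.*?)\n---\n(.*)", text, re.S)
    if not m:
        return {}, text
    meta = {}
    for line in m.group(1).splitlines():
        key, _, value = line.partition(":")
        meta[key.strip()] = value.strip()
    return meta, m.group(2)


def check_vague_triggers(meta):
    """Return generic trigger words found in the description."""
    desc = meta.get("description", "").lower()
    return [w for w in GENERIC_TRIGGERS if re.search(rf"\b{w}\b", desc)]


def check_mismatch(meta, body):
    """Return a message if the description reads read-only but the body modifies."""
    desc = meta.get("description", "")
    claims_readonly = READONLY_CLAIMS.search(desc) and not MODIFY_VERBS.search(desc)
    if not (claims_readonly and MODIFY_VERBS.search(body)):
        return None
    kind = "an autonomous fix loop" if LOOP_WORDS.search(body) else "file modification"
    return f"description reads as read-only but body instructs {kind}"


def check_hidden_unicode(text):
    """Return code points of hidden format characters present in the text."""
    return sorted({f"U+{ord(c):04X}" for c in text
                   if unicodedata.category(c) in HIDDEN_CATEGORIES})


def scan(text):
    """Run all checks; return a list of (pattern name, detail) findings."""
    meta, body = parse_skill_md(text)
    findings = []
    vague = check_vague_triggers(meta)
    if vague:
        findings.append(("Vague Triggers",
                         "generic words in description: " + ", ".join(vague)))
    mismatch = check_mismatch(meta, body)
    if mismatch:
        findings.append(("Description-Behavior Mismatch", mismatch))
    hidden = check_hidden_unicode(text)
    if hidden:
        findings.append(("Unicode Deception",
                         "hidden format characters: " + ", ".join(hidden)))
    return findings


if __name__ == "__main__":
    for name, detail in scan(SAMPLE_SKILL_MD):
        print(f"[{name}] {detail}")
```

On the constructed sample the scan reports the same two patterns as the findings above and nothing for hidden Unicode; inserting a right-to-left override (U+202E) or zero-width space (U+200B) anywhere in the file adds a third finding. The checks are deliberately coarse: they show how each pattern class maps to a concrete, testable rule, not how to tune it.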

VirusTotal

0 of 62 vendors flagged this skill; all 62 rated it clean. Note that VirusTotal's engines match files against malware signatures and heuristics and do not evaluate the natural-language instructions that drive agent behavior, so a clean result here says nothing about the two findings above.