Adaptive Suite.Bak

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly transparent and contains no executable code, but it asks agents to inventory NAS file metadata without enough limits or privacy safeguards.

Install only if you need a broad assistant that may help build a NAS inventory tool. Before using the scraper, require explicit confirmation, limit scans to selected directories, decide where metadata is stored, avoid sensitive shares, and use narrowly scoped or disposable API keys.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill declares a very broad, multi-domain capability set without clear scope limits, triggers, or task boundaries. In an agent environment, this can cause over-activation, unsafe tool use, or handling of sensitive tasks outside intended domains, especially because the metadata advertises multiple executables and API-key usage.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The instructions repeatedly direct the agent to 'continuously' search, adapt, learn, and operate across coding, business, web, data, and NAS-scraping domains without concrete guardrails. This broad operational mandate increases the risk of prompt injection, unbounded external access, over-collection of data, and execution of actions not tightly tied to a user's specific request.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal