My Find Skills

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill helps users find and optionally install other skills, with a disclosed but opinionated registry preference for Chinese users.

Reasonable to install if you want help finding skills. Before approving any install, confirm the registry, slug, version, and risk summary, and tell the agent to use clawhub or another source if you do not want the skillhub preference for Chinese users or CN networks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 91% confidence
Finding: The skill hard-codes a locale/network-based routing policy ('For Chinese users, prefer skillhub first') without requiring explicit user choice. That can silently alter where queries are sent and what registry is preferred based on inferred language or region, which creates privacy, transparency, and trust concerns and may steer users to a different supply chain than they expected.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal