Aetherviz Master

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only educational webpage generator with disclosed external web-library use and no evidence of hidden data access, persistence, or destructive behavior.

Safe to install as a prompt-only skill. Before using generated HTML in offline, classroom, or sensitive environments, remember that it may load code from third-party CDNs; review or vendor those libraries if you need fully self-contained pages.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The skill requires loading multiple third-party libraries from public CDNs while also asserting the output must be a standalone, zero-dependency HTML file. This contradiction can mislead downstream agents into emitting insecure or noncompliant artifacts, and reliance on remote scripts introduces supply-chain and privacy risk if those CDNs are unavailable, compromised, or swapped for unexpected content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal