Caveman Compress Mode

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk communication-style skill, with the main issue being that terse mode may activate too broadly and persist longer than users expect.

Install only if you want a persistent terse-response mode. Be aware that common phrases like asking the assistant to be brief may activate it, and confirm the opt-out command before using it in important or complex tasks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger phrases are broad enough to activate on common user requests such as 'be brief' or 'less tokens', which can unintentionally switch the assistant into a persistent alternate behavior. Because the mode stays active across later turns until explicitly disabled, accidental activation can silently alter future responses and reduce user control over communication style.

Natural-Language Policy Violations

Low

Confidence: 91% confidence
Finding: The skill enforces persistent terse output once triggered and does not automatically revert, which overrides normal conversational choice in subsequent turns. While this is primarily a UX and control issue rather than direct code execution risk, it can degrade clarity, especially in complex or sensitive interactions, and makes accidental activation more harmful.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal