Parallel Thinker

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about using multiple agents, but its runner can start unbounded agent calls without the documented limits or timeouts.

Review before installing. Use this only with trusted agents, avoid secrets or private data in prompts, and prefer a version that enforces an agent allowlist, a maximum agent count, and real per-call timeouts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly states that it forwards the user's query to multiple agents and then sends both the query and agent outputs to a synthesizer, but it does not warn users that their prompt will be replicated across several downstream recipients. This creates a privacy and data-handling risk because users may unknowingly disclose sensitive information to more parties than expected, increasing exposure and retention surface area.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal