Skill Optimizer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a skill-review helper with one scope-quality issue, not evidence of hidden, destructive, or deceptive behavior.

Install only if you want an assistant to review or improve skill files. Invoke it explicitly, review any suggested edits before applying them, and consider narrowing its activation wording so ordinary mentions of skills do not trigger it unexpectedly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The description uses very broad activation criteria such as checking any skill, optimizing skills, evaluating skills, and keyword-based triggering. That can cause the skill to activate on ordinary conversations or unrelated requests, increasing the chance that a high-privilege skill with Bash/Write/Exec access is invoked when the user did not intend it. In this context, overbroad routing is more dangerous because the skill is positioned as an evaluator of other skills and includes executable examples and file-inspection behavior.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal