token-use-optimizer
Security checks across malware telemetry and agentic risk
Overview
The skill set is mostly coherent, but a bundled review helper defaults to launching a nested reviewer with full local access and approval bypass, so it belongs in Review before installation.
Install only if you trust the publisher and need these maintainer workflows. Pay special attention to the autoreview helper: use its no-yolo/normal-sandbox option unless you intentionally want a nested reviewer to have full local authority. Use moderation and deployment commands only with the intended admin credentials and explicit targets.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.