Auto Responder

Security checks across malware telemetry and agentic risk

Overview

The skill’s auto-reply purpose is clear, but it asks users to wire an unreviewed command into message hooks or heartbeats that can post automatically in group topics.

Before installing, obtain and review the actual auto-responder executable or source, then enable it only in specific trusted topics. Consider requiring mentions, narrowing keywords, using conservative cooldowns, and checking what is stored in ~/.cache/auto-responder.json. Static scan was clean and VirusTotal was pending, so the concern is the artifact-backed unreviewed persistent command and autonomous posting behavior, not malware evidence.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The configured keyword lists include very common terms such as 'hola', 'ayuda', 'problema', and 'error', while the skill is designed to react automatically to any inbound message and may ignore mention requirements. In this context, broad triggers can cause unintended autonomous responses, creating spam, message amplification, and accidental disclosure of agent presence or behavior across threads.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal