Freelance Proposal Writer Pro
Security checks across malware telemetry and agentic risk
Overview
This looks like a mostly local proposal-writing CLI, but its install instructions point users to a different global npm package than the reviewed artifact.
Review the install target before using this skill. Do not run the documented global npm install unless you verify it is the same package and publisher as the reviewed artifact, and avoid placing real API keys or enabling tracking-related config until the provider and data handling are clearly documented.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
VirusTotal findings are pending for this skill version.
