Security audit

Selection Agent

Security checks across malware telemetry and agentic risk

Overview

The skill appears to automate research with connected services, but its instructions normalize broad credential use and script execution without enough user control.

Install only after reviewing the referenced config and script yourself. Remove hard-coded tokens, use a secret manager or explicitly named environment variables, confirm which third-party services and database will be contacted, and do not run the quick-start command until you understand what data it sends or writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill explicitly instructs reading AGENT_CONFIG.md that allegedly contains hard-coded tokens, competitor lists, output structure, and environment variables, and then sourcing a local .env file before execution. This goes beyond ordinary documentation and encourages broad credential access and local secret harvesting, which could expose sensitive data or enable unintended use of connected services.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill enumerates multiple API keys, tokens, OAuth-backed services, and a database identifier, while telling the agent they are already configured and available. This normalizes silent access to sensitive credentials and third-party systems without informing the user about secret usage, outbound requests, or downstream data exposure.

Missing User Warnings

Medium
Confidence: 97%
Finding
The quick-start commands source local environment variables and execute a research script from a temporary directory with no warning about external API calls, data transmission, or writes to integrated services. In an agent setting, this can trigger unreviewed execution paths that consume secrets and send data externally without meaningful user awareness or approval.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.