Task Executor

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it can launch broad autonomous research workflows from very common phrases without clear consent boundaries.

Install only if you are comfortable with a skill that may turn ordinary help, analysis, research, or report-writing prompts into autonomous multi-step work. Use explicit invocation, review generated files and any local task state, and avoid giving it sensitive prompts unless you are comfortable with possible network search, subagent processing, and local retention.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger keywords are extremely generic terms such as '帮我', '分析', '调研', and '写报告', which are common in ordinary conversation. This can cause unintended skill activation and may lead the agent to perform network searches, create documents, or initiate task execution without sufficiently explicit user intent, increasing the risk of privacy-impacting or undesired actions.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill describes automatic searching, document generation, asynchronous execution, and optional local state persistence, but it does not clearly warn users that their prompts or derived data may be sent to external services, written to files, or retained in task state. This lack of transparency can expose sensitive information and prevents informed consent before privacy-relevant operations occur.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal