ops-journal

Security checks across malware telemetry and agentic risk

Overview

This skill is a local operations journal whose persistent files and export writes match its stated purpose, with normal caution needed for sensitive incident data.

Install only if you want a persistent local operations journal. Do not log passwords, tokens, private keys, or regulated data; protect the journal directory and review exported files before sharing. Use --output paths carefully because exports can overwrite the file path you provide.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 93% confidence
Finding: The skill explicitly states that operational data is stored under a local workspace path, including a SQLite database and incident files, but it does not warn users that these records may contain sensitive infrastructure, incident, and security details. This can lead users to log secrets, internal hostnames, root-cause data, or other sensitive operational context without understanding the persistence and exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal