Back to skill

Security audit

Adaptive Reasoning

Security checks across malware telemetry and agentic risk

Overview

This skill only gives the agent instructions for deciding when to use deeper reasoning, with no code, downloads, credential access, or data access.

Install this only if you want the agent to automatically adjust reasoning depth across conversations. Users who prefer explicit consent, stable response formatting, or tighter token control may want to edit or disable the automatic activation and indicator rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence
93% confidence
Finding
The skill is configured to run on every user message, which creates an unnecessarily broad pre-processing surface and can override normal user intent such as requests for quick answers or minimal processing. Even though it does not appear to exfiltrate data or invoke privileged tools, this blanket trigger can systematically alter model behavior, increase token usage, and make it easier for hidden prompt logic to affect all conversations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly directs silent activation of reasoning mode and appends covert state indicators without meaningful user disclosure. Hidden behavioral changes reduce transparency and user control, and the instructions to use internal commands or tools to alter session state can conflict with platform governance and make prompt-level manipulation harder to detect.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.