Security audit

Pet-Game workflow

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate backup/cleanup skill, but its broad activation scope and backup-deletion behavior should be reviewed before installation.

Install only if you want this agent to manage local backup snapshots. Before enabling routine or automatic use, check the backup directory, retention policy, cleanup command, and whether cleanup has a dry-run or confirmation step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
90% confidence
Finding
The skill declares very broad automatic trigger conditions covering essentially any file modification, commit, or UI/style/feature change in the project. This can cause the skill to activate during routine development and push the agent toward executing local backup/cleanup commands unexpectedly, increasing the chance of unintended side effects or command execution beyond the user's immediate intent.

Missing User Warnings

Medium
94% confidence
Finding
The skill instructs the agent to run backup and cleanup commands that write to and delete from local backup storage, but it does not clearly disclose the data-modifying consequences of those operations at the point of use. In an agent setting, this is risky because the agent may perform filesystem changes automatically, potentially overwriting retention expectations or removing recovery data without informed user consent.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.