Material Symbols Cli

Security checks across malware telemetry and agentic risk

Overview

The scan does not show malicious behavior; the main caution is a setup section that asks users to run installer commands.

Before installing, read the setup commands and prefer official installer sources. Avoid piping remote scripts into a shell unless you trust and verify the source. The VirusTotal telemetry is clean, and the available evidence does not justify a Review or malicious classification.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill includes setup instructions that modify the user's environment and install software, including fetching and executing installer code, without any warning, verification step, or safer alternative. In an agent skill context, this is risky because users or downstream automation may treat setup blocks as trusted operational guidance and execute them without scrutiny.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal