Skill Creator Enhanced (Vault Awareness)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate skill-authoring helper, but it can create or update persistent skills that affect future agent behavior.

Install only if you want an agent to help author or modify skills. Before using it, confirm where new skills will be written, review any generated scripts or credential instructions, and be careful when placing output in an auto-loaded skills directory because those files can affect future agent behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill instructs running scripts, editing files, packaging artifacts, and discussing credential-backed API usage, so it clearly implies file, shell, and potentially network capabilities without any explicit permission declaration. In an agent environment, this mismatch can cause overbroad execution or make risky behaviors less visible to reviewers and users.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document first instructs authors to add `metadata.requires.env` and `primaryEnv` to frontmatter, then later says the frontmatter must contain only `name` and `description`. This contradiction creates unsafe ambiguity: skill authors may produce invalid manifests, omit credential declarations, or invent ad hoc secret-handling workarounds that bypass intended controls.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The description is broad enough to trigger on many generic requests about creating, updating, structuring, or packaging skills. Overbroad triggers can cause this skill to activate unexpectedly, exposing powerful instructions about script creation, packaging, and resource organization in contexts where they were not intended.

Missing User Warnings

Medium
Confidence
72% confidence
Finding
The guidance discourages README and other user-facing documentation categorically, which can suppress visible warnings, setup constraints, and security notes for skills that invoke scripts, credentials, or packaging operations. Removing user-facing safety context increases the chance that risky behavior is misunderstood or executed without proper review.

VirusTotal

66/66 vendors flagged this skill as clean.
