Cleaning And Maintenance

Security checks across malware telemetry and agentic risk

Overview

This TIDY skill is coherent, but it can cancel bookings, delete maintenance tasks, and use a non-expiring account token without enough built-in safeguards.

Review before installing. Use a dedicated or least-privilege TIDY token if available, keep it out of chat transcripts and logs, and rotate or revoke it if exposed. Before letting an agent cancel bookings or delete tasks, require it to read back the exact job/task ID, property, date, and action for explicit confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill exposes destructive operations such as cancelling jobs and deleting tasks without any guidance to require explicit user confirmation or warn about irreversible business impact. In an agent setting, this increases the risk of accidental or prompt-induced destructive actions that can disrupt operations, bookings, and maintenance workflows.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The authentication section includes a persistent bearer token and even states that tokens do not expire, but provides no warning that the token is highly sensitive or should never be logged, echoed, or embedded in prompts. Long-lived credentials materially increase the impact of leakage because compromise can grant ongoing API access to job, task, and personnel management functions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal