Security audit

Adversarial Verification

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate adversarial testing skill, but it can run real shell, npm, and target JavaScript commands with broad automation guidance and limited enforced safeguards.

Install only if you want an active verification helper that may execute project code. Use it on trusted repositories or inside a disposable sandbox, review the target path and commands first, and avoid wiring it into Git hooks, CI, or deployment checks until you accept the npm install/build and target execution behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers
Severity: Medium
Confidence: 90%
Finding: The trigger conditions are overly broad ('high-risk changes', 'core functionality changes', 'security-related code', 'user requests verification') and do not define exclusions, approval gates, or environment checks. In a skill explicitly oriented toward adversarial testing and real command execution, this can cause the skill to run in inappropriate contexts and initiate risky validation activity without sufficient scoping.

Missing User Warnings
Severity: Medium
Confidence: 96%
Finding: The skill repeatedly instructs the agent to run real commands and use destructive thinking to 'break the system', but its safety guidance is only advisory and lacks mandatory consent, non-production enforcement, and data-impact constraints. Because the operational guidance is more concrete than the warnings, an agent following this skill could execute harmful actions against live or sensitive targets.

Vague Triggers
Severity: Medium
Confidence: 90%
Finding: The manifest describes the skill as an 'adversarial verification' tool intended to 'try every way to break the system,' but it does not clearly limit scope, target environment, or authorized use cases. In an agent ecosystem, broad invocation criteria can cause the skill to be selected outside controlled testing contexts, increasing the chance of misuse for harmful probing or disruptive actions.

Missing User Warnings
Severity: Medium
Confidence: 97%
Finding: The script runs npm install and npm run build in a user-supplied directory, which can execute arbitrary package scripts such as preinstall, postinstall, prepare, or build hooks. In a skill/agent context where targets may be untrusted, this creates a direct arbitrary code execution path on the analyst's machine without any confirmation, sandboxing, or warning.

Missing User Warnings
Severity: Medium
Confidence: 98%
Finding: The CLI verification path directly executes the target JavaScript file with node, meaning any code in that file runs immediately. Because the target path is user-controlled and the tool is framed as verification, this can trick users into executing arbitrary malicious code under their own privileges.

VirusTotal

64/64 vendors flagged this skill as clean.