Password Generator

Security checks across malware telemetry and agentic risk

Overview

This is a local password-helper skill with limited settings storage, but users should not treat chat-generated secrets as equivalent to a dedicated password manager or cryptographic key generator.

Install only if you are comfortable using it as a local prompt helper for password ideas and strength feedback. Do not paste real current passwords into chat, and use a trusted password manager or OS-backed generator for important account passwords, API keys, and production tokens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The activation phrases include broad/common terms such as 'PIN', 'token', 'username', and 'passphrase', which can cause the skill to trigger during unrelated conversations. In a tool with read/write permissions and local persistence, accidental activation can lead to unnecessary file operations, unintended handling of sensitive user text, or confusing security-related outputs when the user did not intend to invoke the skill.

Vague Triggers

Medium
Confidence: 93%
Finding
The manifest's 'any password/security task' language defines an overly expansive invocation scope that can match a wide range of benign security discussions. Overbroad scope increases the chance of unintended activation and makes it harder to reason about when the skill may read/write local state in response to ordinary conversation.

VirusTotal

63/63 vendors flagged this skill as clean.
