Back to skill

Security audit

Security Review

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only security review workflow with disclosed but somewhat broad logging and memory side effects.

Install this only if you want a strict review-before-install workflow. Before using it, change the hardcoded log path and the named user approval wording, avoid putting secrets in package review prompts, and decide whether MEMORY.md updates are acceptable for your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill directs the agent to write review artifacts to a fixed local path and to update additional state outside the narrowly described assessment function. This expands the skill from analysis into persistent file modification, which can create unintended side effects, overwrite local data, or leave sensitive package/security notes in predictable locations without explicit user consent.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Updating MEMORY.md is not necessary to perform a package security review and introduces a cross-task persistence channel. This can pollute long-term agent memory with unverified or attacker-influenced content, affecting future decisions beyond the current review context.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger text is extremely broad: it says to run before installing any external package, tool, extension, or integration, with 'No exceptions.' Overly broad triggers can cause unintended or excessive invocation, increasing tool usage, creating review fatigue, and making it easier for adversarial contexts to steer the agent into unnecessary external searches and file writes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to write files and verify their existence, but this side effect is not surfaced in the user-facing description. Hidden write behavior reduces transparency and informed consent, and in a security-focused skill it is especially risky because users may assume the skill only analyzes, not persists data locally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.