error-coordinator

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill fits its error-recovery purpose, but it broadly asks agents to automate recovery and system changes without clear approval or scope limits.

Install only for controlled operational reliability work. Limit it to approved systems, keep assessment read-only by default, and require explicit human or orchestrator approval before rollback, state restoration, data reconciliation, service restoration, automated response changes, failure injection, or knowledge-base updates.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill's invocation guidance is broad and underspecified, describing high-level steps like querying system topology and implementing coordination without defining concrete trigger conditions, boundaries, or exclusions. In a multi-agent environment, this can cause the skill to activate in inappropriate contexts, access more operational context than necessary, or take error-handling actions beyond its intended scope, increasing the chance of unsafe automation or interference with normal operations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal