Trend Radar

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent trend-report helper that searches the web and saves local reports, with only disclosed optional weekly automation.

Install only if you want web-based trend reports saved locally. Avoid adding the cron example unless you want weekly automatic runs, and periodically review or delete saved reports and event files if you do not want them retained or consumed by other local automations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger phrases are very broad and match common user requests like "trends" or "market trends," which can cause the skill to activate unexpectedly in unrelated conversations. Because the skill performs web searches and writes files, accidental invocation can lead to unanticipated external actions and background data generation without clear user intent.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill advertises automatic weekly execution, web search, report generation, and event publication, but the description does not clearly warn users that these actions happen autonomously and create artifacts on disk. This lack of transparency increases the risk of users enabling or invoking the skill without understanding its network access, persistence, and scheduled behavior.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal