Ucts Guide

Security checks across malware telemetry and agentic risk

Overview

The only supported concern is that this coding guidance skill may activate too broadly, but there is no evidence of hidden execution, credential access, persistence, or data exfiltration.

Install this if you want broad coding workflow guidance. Be aware it may be invoked for more coding requests than you intend; disable it or narrow activation if it starts steering unrelated or sensitive tasks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill is designed to trigger on essentially any coding task, which creates an overly broad activation surface. That can cause the skill to be invoked in situations where its generic prescription logic is inappropriate, potentially steering users into tool selections or workflows that do not match the actual task sensitivity, especially for security- or safety-relevant requests.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal