Back to skill

Security audit

Task Decomposition

Security checks across malware telemetry and agentic risk

Overview

This is a text-only planning skill with no evidence of hidden code, credential access, persistence, or unsafe actions.

This looks acceptable to install for planning support. Before relying on automatic invocation, the publisher should replace the placeholder trigger with clear activation phrases or conditions so the skill runs only when intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
97% confidence
Finding
This manifest is in scope for vague-trigger checks, and the trigger section does not enumerate any actual trigger phrases or activation conditions. The placeholder-like value `System.Object[]` gives no specificity about when the skill should activate, increasing the risk of unintended or misconfigured invocation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.