Atlas Conversion Rate Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a prompt/template skill for CRO marketing work, with some confusing off-topic security/DeFi promotional wording but no code, credentials, permissions, or automatic actions.

Safe to install as a CRO prompt/template skill. Review the external Atlas paid-pack and concierge links separately, and do not treat the off-topic DeFi/security-audit upsell text as evidence that this skill can perform security review work.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The upgrade section promotes paid packs for security-audit, DeFi, triage, and bounty workflows even though this skill is presented as a CRO/marketing tool. This kind of cross-domain mismatch is dangerous because it can mislead users about the skill's real purpose, undermine trust boundaries, and potentially funnel users into unrelated high-risk security workflows under false pretenses.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal