
Security audit

spec-stateflow

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only workflow skill for planning and executing larger software changes, with local project state tracking but no hidden code, install hooks, network use, or credential access.

Install this if you want a spec-driven workflow for larger coding tasks. Before using it, choose a clear spec directory, review generated requirements/design/tasks files, inspect diffs before approving commits, and only use continuous operation when task boundaries and stop conditions are explicit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The manifest description and trigger list are broad enough to activate on many ordinary engineering requests such as 'new feature', 'architecture design', or 'continue', which can cause the agent to enter a heavyweight workflow unexpectedly. In this skill, automatic or over-eager invocation is more dangerous because the content instructs multi-phase control over planning and execution, increasing the chance of scope hijacking, user friction, and unintended file/process manipulation.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrase '帮我实现这个功能' ("help me implement this feature") is extremely broad and can match many routine software requests, causing the workflow to activate without clear user intent or scope validation. In an agent skill that drives multi-phase execution and file/state transitions, ambiguous activation increases the chance of unnecessary privileged actions, state mutations, or workflow hijacking from ordinary conversation.

Vague Triggers

Medium
Confidence: 90%
Finding
The phrase '这个bug需要修一下' ("this bug needs fixing") is too generic to safely determine that a structured multi-phase workflow should start. Because bug-fix requests are common and vary widely in complexity, this can misclassify simple tasks as stateful workflow executions, leading the agent to perform unnecessary planning steps, update workflow files, or alter execution state based on weak intent signals.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.