Maus HTML Summary

Security checks across malware telemetry and agentic risk

Overview

This is a text-only skill that turns user-supplied content into a self-contained illustrated HTML explainer, with no evidence of hidden execution, persistence, or data exfiltration.

Before installing, be aware that the skill may be invoked implicitly when you ask for an illustrated HTML summary. Avoid using it on private or sensitive source text unless you are comfortable having your agent transform that content into an HTML document.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill enables implicit invocation while advertising a very broad natural-language transformation ('turn this article, transcript, or text into a playful, illustrated HTML explainer') without clear scope, trigger boundaries, or user-consent constraints. This can cause the agent to invoke the skill unexpectedly on arbitrary user content, increasing the chance of unintended data handling, surprise tool use, or prompt-routing abuse in multi-skill environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal