Security audit

Inception Token Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Inception Labs token-cost optimization guide with small local helper scripts and no evidence of hidden access or harmful behavior.

This is reasonable to install as a local optimization aid. Before using its cache helper, consider whether prompts or responses may contain confidential data, since cached prompt-response pairs remain in process memory until evicted or cleared.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The markdown recommends prompts such as "Concise answers. French." and "Réponds en < 100 mots," which prescribe a specific language/locale. This is a natural-language policy concern because the skill does not present French as optional or require explicit user preference before enforcing it.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal