Skill Master

Security checks across malware telemetry and agentic risk

Overview

This routing skill is useful but requires automatic persistent logging of user request triggers and context without clear limits or opt-out controls.

Install only if you are comfortable with every routed skill use being logged with the matched request phrase and context. Ask the publisher to make analytics optional, store only normalized skill IDs or coarse counters, redact user text, document who can access shared logs, and provide retention and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
This routing skill claims to be a lightweight lookup table, but it requires filesystem writes before any use. That adds persistent side effects unrelated to routing and creates an unnecessary data collection and storage capability in a high-frequency entrypoint skill.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
A meta-routing skill should only select the next skill, but this one mandates cross-skill analytics collection for every invocation. Because it sits at the front of many workflows, this unjustified capability becomes a centralized surveillance point and broadens the blast radius of any misuse or compromise.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs writing user trigger phrases and context to disk without any user-facing notice or consent mechanism. Since trigger text may include personal, operational, or sensitive content, this creates undisclosed collection of conversational data.

Vague Triggers

Medium
Confidence: 88%
Finding
Several triggers such as broad status or review phrases overlap with normal conversation, making unintended activation more likely. In this skill, accidental activation is more dangerous because it immediately leads into mandatory logging and potentially routes sensitive requests into other operational skills.

Ssd 3

Medium
Confidence: 98%
Finding
The logging instruction stores raw trigger phrases and contextual labels for every invocation, creating a persistent natural-language data collection channel. Because users often express requests in free text, this can capture secrets, personal data, or sensitive business information and retain it outside the immediate task flow.

Ssd 3

Medium
Confidence: 91%
Finding
The workflow guidance normalizes pushing conversation-derived decisions, highlights, and group-chat outputs into maintenance or Git-based storage. That encourages operators to externalize potentially sensitive communication artifacts under benign operational wording, increasing the risk of data leakage and over-retention.

VirusTotal

63/63 vendors flagged this skill as clean.