Subagent Spawn Command Builder

Security checks across malware telemetry and agentic risk

Overview

This skill locally builds subagent spawn JSON as described and does not execute it, but it keeps a local log of generated payloads.

Install only if you want a helper that prepares sessions_spawn JSON. Review the generated payload before using it, and avoid putting secrets or sensitive internal details in task text unless you are comfortable with those values being stored in the skill's local build log.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The manifest frames this skill as building command-ready JSON from profiles and explicitly emphasizes not executing spawn. While the script does not execute a spawn, it also creates a state directory and appends each generated payload to a persistent log file, which is additional stateful behavior not conveyed by the description. Persistently recording task text and payload metadata is beyond the plainly described role of a payload builder.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This code creates a state directory and appends the full generated payload, including the user-supplied task text and profile, to build-log.jsonl. Although the script has a usage message, it does not visibly disclose that these inputs will be persisted to disk, which matters because task text may contain sensitive project or user data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal