greetr

Security checks across malware telemetry and agentic risk

Overview

This is a simple greeting skill that only tells the agent how to respond to greetings and does not request data access, commands, networking, persistence, or credentials.

This appears safe for a basic greeting use case. Install it if you want automatic friendly greetings, but be aware that its broad activation wording may cause it to respond to casual greeting phrases even when another skill or normal conversation might be more appropriate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger description is broad enough to activate on routine conversational text beyond a direct request to use the greeting skill. In an agent system, overly broad routing can cause unintended skill invocation, reduce reliability, and potentially interfere with higher-priority or more appropriate skills.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The activation guidance uses ambiguous examples like broad greeting-style phrases without precise constraints, which can lead to accidental activation during ordinary conversation. While not directly enabling code execution or data exposure, this weakens intent classification and may cause the agent to respond inappropriately or suppress the user's actual request.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal