Skill Checker

Security checks across malware telemetry and agentic risk

Overview

This skill is a local SKILL.md checker that reads a user-chosen skill file and writes a local HTML report.

Install only if you are comfortable running a local Python checker on SKILL.md files you select. Use explicit target and report paths, and avoid writing reports into shared locations if the skill contents or audit findings are sensitive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 89% confidence
Finding: The description 'Helpful skill.' is so broad that the skill's activation scope is effectively undefined. In an agent ecosystem, vague activation criteria can cause the skill to be invoked in inappropriate contexts, leading to overreach, incorrect audits, or misuse of any downstream reporting or file-access capabilities.

Vague Triggers

High

Confidence: 86% confidence
Finding: The workflow steps are generic and omit domain-specific constraints, safety boundaries, and decision criteria for when the skill should stop or refuse actions. This makes the skill easier to misapply across unrelated tasks and increases the chance that an agent will treat it as a broadly applicable review tool rather than a narrowly scoped compliance checker.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal