Anubis Lite

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it analyzes a pasted job description to produce resume guidance, with only minor privacy and install-environment cautions.

Install only if you are comfortable pasting the full job posting into the agent context and terminal output. Avoid including confidential internal hiring notes, private recruiter details, or compensation information you do not want logged. Consider using an isolated Python environment because the install command may affect system Python packages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill prints the full JOB_DESCRIPTION to stdout without any redaction, minimization, or warning. Job descriptions can contain internal hiring notes, recruiter contact details, compensation bands, or other sensitive business information, and echoing them increases the chance of unintended disclosure through logs, transcripts, or downstream agent context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal