Security audit
Agent Device
Security checks across malware telemetry and agentic risk
Overview
This is a transparent mobile-device automation skill; it can control apps and create local logs or recordings, but those behaviors are disclosed and fit its purpose.
Use this with test devices or test accounts when possible. Install or run the external agent-device CLI only from a trusted, pinned source, require confirmation before purchases, account changes, messages, or other high-impact UI actions, keep logging off unless debugging, and review or delete ~/.agent-device logs and generated artifacts when finished.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
