Alibaba Cloud OSS
Security checks across malware telemetry and agentic risk
Overview
This skill appears safe to install, but it is designed to remember agent interactions locally over time.
Install only if you want your agent to keep cross-session local memory. Review the `~/.nexo` storage location and MCP configuration, and avoid storing sensitive information unless you are comfortable with it being reused in later sessions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.