Amara
Security checks across malware telemetry and agentic risk
Overview
The skill appears coherent and purpose-aligned, with disclosed use of commands, reference files, and external services and no evidence of hidden exfiltration, persistence, or destructive behavior.
Install only if you intend to let the agent run the documented development or integration workflows. Review commands before approving account-affecting actions such as moderation changes, API uploads, PR comments, package installs, or long-running dev/proof processes, and use the minimum credentials needed for the task.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.