Google Slides
Security checks across malware telemetry and agentic risk
Overview
The supplied security telemetry is clean, and I found no artifact-backed evidence of malicious or review-worthy behavior in the available workspace context.
The available evidence does not show a reason to block installation. Because the target artifact text was not available for full independent review, users should still read the skill instructions before installing and avoid providing credentials or granting write access unless the skill clearly explains why it needs them.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.