Security audit

Fluxguard

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent Fluxguard integration skill, with no malware telemetry or artifact-backed evidence of hidden or destructive behavior.

Reasonable to install if you intend to use Fluxguard with your agent. Review the SKILL.md first, use the least-privileged Fluxguard credential available, and require explicit confirmation before creating, changing, or deleting monitors, alerts, or account data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill declares it should be used for ANY Fluxguard request, which creates an overly broad routing scope without constraints on operation type, user intent, or risk level. In practice, this can cause an agent to invoke the skill for sensitive or destructive Fluxguard operations by default, increasing the chance of unintended state changes or overuse of a powerful integration.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal