Back to skill

Security audit

0

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only zero/reset reference skill, but its single-character trigger and broad reset/wipe examples create a real risk of accidental destructive actions.

Install only if you intentionally want broad zero/reset reference material. Do not let an agent run reset, wipe, clean, truncation, or fresh-start commands from this skill without an explicit target, confirmation, and backup. Review copied text with an editor that reveals invisible Unicode characters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The section explicitly demonstrates use of zero-width characters to hide content inside text, which is a known obfuscation technique. In a skill intended for initialization, reset, and zero-value handling, this capability is unnecessary and increases risk because it can conceal prompts, commands, secrets, or policy-evading text from casual review.

Vague Triggers

High
Confidence
97% confidence
Finding
Using the single token '0' as a trigger is dangerously broad because it will collide with ordinary numeric discussion, code snippets, values, dates, versions, and many unrelated prompts. This makes accidental activation highly likely, which is especially risky given that the skill contains reset, wipe, and cleanup semantics that could steer an agent toward destructive actions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation guidance relies on broad natural-language phrases like 'start from zero' and 'reset to initial state' without clear boundaries. That ambiguity increases the chance that the skill will activate during normal conversation and inject destructive or irrelevant behavior into unrelated tasks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section includes commands that wipe databases, clear caches, reset environments, and restore defaults, but the warnings are inconsistent and minimal. In a skill that may trigger broadly, such commands materially increase the risk of accidental data loss, service disruption, or destructive agent behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.