Security audit

O

Security checks across malware telemetry and agentic risk

Overview

This skill is a small instruction-only shortcut for suggesting standard commands to open files, folders, or links, with no hidden code or elevated access.

Before using a suggested command, confirm the path or URL is the one you meant to open. The short alias may activate more easily than a descriptive skill name, but the reviewed artifact is limited to command suggestions for opening items.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 93% confidence
Finding: The skill name `o` and its invocation scope are so broad that they can be triggered by ordinary conversation or short user utterances, causing unintended routing to this skill. In a command-suggestion skill, accidental invocation can bias the assistant toward terse command output without sufficient clarification, increasing the chance of unsafe or contextually wrong shell commands being suggested.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The applicable scenarios are described with broad natural-language triggers like 'open something' or 'how do I open this', without precise guardrails on what objects or contexts qualify. That makes over-activation more likely, so the skill may respond in situations where the user did not intend command execution guidance or where clarification is needed before suggesting OS-specific commands.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.