Startup Mentor

Security checks across malware telemetry and agentic risk

Overview

The available evidence describes a low-risk advisory skill with no signs of hidden execution, data access, persistence, or harmful behavior.

Review whether you want a broadly triggered startup/business advisor active in general conversations. Based on the available evidence, it does not appear to run commands, access accounts, persist data, or take actions on your behalf.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill uses very broad trigger phrases such as 'startup guidance', 'startup advice', and 'business model', which can match many ordinary business conversations and cause the skill to activate when the user did not intend to invoke a startup-specific advisor. This increases the chance of inappropriate routing, unnecessary tool use, and irrelevant or overly authoritative advice being injected into general discussions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal