Back to skill

Security audit

Status page & incident communication by openstatus

Security checks across malware telemetry and agentic risk

Overview

This is a status-page writing skill with disclosed local context-file use and no executable code or hidden data transfer.

Before installing, know that this skill may read ordinary project docs/config files during auto-draft and save service, SLA, tone, and escalation details in .agents/status-page-context.md. Avoid putting secrets, customer data, or sensitive unreleased incident details in that context file unless you want other status-page skills to reuse them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
91% confidence
Finding
The skill directs the agent to create or overwrite `.agents/status-page-context.md` as part of its normal workflow, but it does not require explicit user confirmation immediately before modifying repository files. Even though the target path is relatively scoped and the content is user-facing configuration, silent file writes can still surprise users, overwrite prior work, or be triggered from ambiguous requests. The surrounding context makes this only mildly dangerous because the file path is fixed, the file purpose is transparent, and there is no instruction to exfiltrate data or modify executable code.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.