Password Generator

Security checks across malware telemetry and agentic risk

Overview

This is a local password generator that matches its stated purpose, with a clear caution that password values are shown in the terminal.

Reasonable to install for local password generation. Use it in a private terminal, avoid analyzing real existing passwords via command-line arguments, and store generated passwords in a password manager.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The manifest description includes a broad invocation scope phrase, especially 'any password-related security needs,' which can cause the agent to select this skill in situations beyond straightforward password generation. Overly broad routing language increases the chance the skill is invoked for unrelated or sensitive security tasks, creating unsafe overreach and misleading users about the skill's intended capabilities.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The analyze command prints the full supplied password back to stdout, which can expose secrets in terminal history, shell logs, CI logs, remote session transcripts, or screenshots. In a password-related tool, echoing sensitive input is especially risky because users may reasonably expect the tool to handle secrets carefully.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal