Event Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local event-orchestration library whose behavior matches its stated purpose, with a privacy caution around event payloads in logs and history.

Reasonable to install for local orchestration. Do not publish secrets, tokens, personal data, or confidential task outputs as event payloads unless you control the handlers and logs; avoid debug logging in shared or production environments, and clear or limit event history when processing sensitive workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 87%
Finding
The documentation explicitly promotes event publishing, subscription, logging, and event history, but provides no warning about sensitive payload handling, retention, or log exposure. In an event-orchestration skill, events commonly carry task results, identifiers, tokens, or user data, so documenting history/logging without privacy and redaction guidance can lead to accidental disclosure through stored history, console output, or middleware.

Missing User Warnings

Medium
Confidence: 95%
Finding
In debug mode, the logging middleware emits the full `event.payload` to the configured logger without any sanitization, redaction, or classification checks. If payloads contain secrets, personal data, tokens, or internal business data, they may be exposed to log stores, operators, or downstream log processors, turning logs into a secondary data-leak channel.

VirusTotal

65/65 vendors flagged this skill as clean.
