Upcoming Metal Concerts

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward concert scraper that contacts a public concert site and saves local configuration and results files.

Install this only if you are comfortable with the skill contacting concerts-metal.com and keeping local files for settings and saved concert results. Review or delete skill-config.json and data/concerts.json if you want to reset its stored state.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 76% confidence
Finding: The markdown instructs the agent to update skill-config.json and generate data/concerts.json without an explicit warning that local files will be created or modified. While this behavior is expected for the skill's purpose, the lack of disclosure reduces user awareness and can lead to unintended local state changes, especially on first run.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal