Back to skill

Security audit

Brainstorming Duhy40

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed brainstorming workflow that may inspect a project and create a committed design document, but it does not show hidden, destructive, or exfiltrating behavior.

Install this if you want a structured design-before-coding workflow. Be aware it can inspect the current project, ask multiple planning questions, create a spec under docs/superpowers/specs, and commit that spec to git before moving to implementation planning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest description is very broad ('starting any creative work', 'building components', 'adding functionality', 'modifying behavior'), which can cause the skill to be invoked in many contexts where a lighter-weight or safer workflow would be more appropriate. Over-broad routing increases the chance the agent enters a process that performs repo inspection, document creation, and workflow steering even when the user did not explicitly ask for that level of intervention.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to write a spec file to disk and commit it to git as part of the default flow, but it does not require an explicit warning and consent before those side effects occur. This can lead to unintended modification of the user's repository history and filesystem state, especially if the user expected a discussion-only brainstorming session.

Session Persistence

Medium
Category
Rogue Agent
Content
## Checklist

You MUST create a task for each of these items and complete them in order:

1. **Explore project context** �?check files, docs, recent commits
2. **Offer the visual companion just-in-time** �?NOT upfront. The first time a question would genuinely be clearer shown than described, offer it then (its own message); on approval its browser tab opens for you. If no visual question ever arises, never offer it. See the Visual Companion section below.
Confidence
76% confidence
Finding
create a task for

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.