Back to skill

Security audit

Capability Evolver Pro

Security checks across malware telemetry and agentic risk

Overview

This is a local log-analysis skill that generates recommendations and does not show hidden network, filesystem, credential, persistence, or mutation behavior.

Install this if you want local deterministic analysis of runtime logs. Provide scoped log excerpts when possible, since logs can contain secrets or sensitive operational details, and treat any evolution recommendations as proposals for human review rather than automatic changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description says to use it when the user or agent asks to analyze logs, diagnose failures, improve agent reliability, generate evolution proposals, or assess system health. These triggers are broad enough to overlap with ordinary operational requests, increasing the chance the skill activates in situations where log data may contain sensitive information or where a more specific tool should be chosen. In a meta-skill that processes runtime logs and can influence self-improvement flows, over-broad activation raises the risk of unintended invocation and unnecessary exposure of internal telemetry.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The 'When to Use' section includes vague examples such as 'what's failing', 'improve my agent', and 'check system health' without guardrails on required inputs or scope. That can cause this meta-skill to be selected for broad conversational requests, leading to inappropriate handling of sensitive logs, accidental autonomous self-modification workflows, or interference with more suitable skills. Because this skill is positioned as a self-improvement component, ambiguous routing is more dangerous than for a passive read-only utility.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The description contains very broad activation language such as analyzing logs, diagnosing failures, improving reliability, and assessing system health, which can match many ordinary agent or user requests. In an agent ecosystem, this increases the chance of unintended invocation or priority hijacking, causing the skill to handle tasks outside a narrowly intended scope and potentially process sensitive runtime data unnecessarily.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.