Back to skill

Security audit

Phy Skill Creator

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill helps create and evaluate other skills, with disclosed workspace, browser, and subagent side effects that fit its purpose.

Install this only if you want an agent to help draft, test, and iterate on skills. Run it in a workspace you are comfortable writing files into, review any generated skill descriptions before adopting them, and confirm that any referenced local scripts or viewer tools exist and are trusted before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill explicitly tells authors to make descriptions more 'pushy' so the skill triggers even when the user does not clearly ask for it. That increases over-broad activation and can cause unintended tool use, side effects, or routing to a workflow that writes files, runs scripts, or opens review artifacts without sufficiently clear user intent. In a meta-skill that creates other skills, this behavior can propagate into many downstream skills and amplify the problem.

Missing User Warnings

Low
Confidence
88% confidence
Finding
These instructions direct the agent to write benchmark artifacts, generate review pages, and open or serve them, but they do not require explicit user confirmation before filesystem or browser side effects occur. That can surprise users, leak local paths or generated content into persistent files, and create unintended local processes or downloads. The risk is moderated by the fact that these actions are aligned with the skill's purpose, but they still should be consent-gated.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.