Authorization First

Security checks across malware telemetry and agentic risk

Overview

This skill is a safety-oriented authorization checklist, with no evidence of hidden code, automatic actions, or data access.

Install this only if you can read the Chinese instructions or are comfortable translating them first. The skill is designed to make an agent ask before impactful operations, but users should still review any proposed command or file change before approving it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The skill is written entirely in Chinese and does not offer a language choice or document a locale restriction. In a mixed-language environment, users or downstream agents may misunderstand authorization requirements and operational boundaries, which can lead to unintended execution of privileged actions without informed consent.

VirusTotal

62/62 vendors flagged this skill as clean.
