财经指数通
Security checks across malware telemetry and agentic risk
Overview
The available scan context does not show evidence of harmful behavior, but the target artifact itself was not available for a deeper coherence review.
The supplied telemetry is clean aside from VirusTotal still pending, which is not enough by itself to warn against installation. Because the target artifact was not available for direct inspection, review the skill text before installing, especially any requests for credentials, external uploads, local file access, or automatic setup commands.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.