3123123123

Security checks across malware telemetry and agentic risk

Overview

This is a very minimal skill-discovery prompt with vague metadata and broad triggers, but the inspected files do not show hidden access, automatic installation, credential use, persistence, or destructive behavior.

Install only if you want a lightweight helper for finding other skills. Because the metadata is vague and the triggers are broad, review any skill it recommends separately and require explicit approval before installing or enabling third-party skills.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The trigger conditions are very broad, such as matching generic requests like 'how do I do X' or 'can you do X,' which can cause the skill to activate in ordinary conversations where the user did not ask to search or install external skills. In a skill that helps discover and install ecosystem extensions, over-triggering increases the chance of unsolicited tool discovery, unexpected capability expansion, and exposure to untrusted third-party content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal