Canvas Debate
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed business-model debate workflow that reads project context and writes expected report files, with no evidence of hidden execution or data exfiltration.
Install this only for repositories you are comfortable having analyzed for business context. The skill may read project files and will create or overwrite markdown reports under docs/business/, so review or back up existing business documents if preserving prior versions matters.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.