
Security audit

Office Hours

Security checks across malware telemetry and agentic risk

Overview

This is a startup diagnostic skill that performs disclosed web research, limited project-context reading, and a bounded report write, with no evidence of hidden or malicious behavior.

Install this only where it is acceptable for an agent to read product docs and recent git history, perform web searches about the idea, and save a diagnostic report in the workspace. For confidential ideas or private repositories, ask the agent to skip web search, avoid git inspection, or return the report inline instead of writing the file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium (94% confidence)

Finding:
The skill says it produces a diagnostic report, but it also instructs the agent to perform web searches and inspect local project files. That expands the data-access and action scope beyond what a user may reasonably expect from a startup-idea diagnostic, creating risk of unintended disclosure of repository contents or unnecessary external requests.

Context-Inappropriate Capability

Medium (90% confidence)

Finding:
Instructing the agent to read project files and run `git log --oneline -20` introduces local inspection and command execution that are not essential to every office-hours conversation. Even though the command is read-only, it can expose sensitive metadata such as project names, commit subjects, internal roadmap details, or confidential initiatives.

Missing User Warnings

Medium (92% confidence)

Finding:
The skill instructs saving output to `docs/business/office-hours-report.md` without first warning the user or obtaining consent. Any automatic write to the workspace can create unwanted files, overwrite prior work, leak sensitive discussion content into version-controlled directories, or trigger downstream tooling that watches the repository.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.