Token消耗优化器

Security checks across malware telemetry and agentic risk

Overview

This skill appears aimed at self-repair, but it may inspect sensitive failure logs and change configuration automatically without clear user control.

Review carefully before installing. Only use it in a test or trusted environment unless you are comfortable with it reading failure/session logs and changing configuration; prefer dry-run proposals, log redaction, backups, and explicit approval before any config writes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 95% confidence
Finding: The skill describes mining failed session logs and automatically correcting configuration files without an explicit consent, scope, or safety boundary. This is dangerous because failure logs may contain sensitive prompts, tool outputs, credentials, or user data, and automatic config changes can silently alter system behavior or introduce integrity and availability risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal