REGULATORYCHANGEMONITOR

Security checks across malware telemetry and agentic risk

Overview

This skill monitors public regulator websites and writes a small disclosed local state file to avoid duplicate alerts.

Before installing, confirm you want scheduled daily checks and a local last-run.md state file. Treat digests as an early-warning aid rather than legal advice, verify important items at the original regulator source, and only add additional URLs you trust.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The skill persists run metadata to `last-run.md` without clearly disclosing this behavior in a user-facing warning or privacy/state notice. While the stored data is limited and operational, undisclosed file writes can surprise users, create auditability concerns, and establish a precedent for hidden persistence in agent skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal