Gatekeeper Navigator

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only sales skill with no malware-like install behavior, but it teaches misleading gatekeeper-routing tactics to obtain internal contact details.

Review carefully before installing. The skill does not appear to contain executable malware or hidden system access, but some provided scripts cross ethical and company-policy boundaries by using misleading transfer stories to get internal names or extensions. Use only truthful outreach, public or authorized contact paths, and remove or rewrite the fabricated-name handoff guidance before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

High (98% confidence)
Finding
The scripted handoff uses misleading identity context (e.g., implying transfer from a named internal employee and a partially known recipient) to induce routing or disclosure from reception. Even though the skill claims anti-manipulation principles elsewhere, this specific guidance operationalizes social engineering and materially increases the chance of unauthorized access to internal contact details or decision makers.

Description-Behavior Mismatch

High (95% confidence)
Finding
The skill advertises that it can produce scripts that pass an anti-manipulation check, but the documented behavior later includes deceptive bypass tactics. This mismatch is dangerous because it can cause users or downstream agents to trust the skill as safety-vetted while still generating social-engineering content aimed at bypassing human gatekeepers.

Natural-Language Policy Violations

High (98% confidence)
Finding
This passage explicitly encourages a deceptive script despite surrounding anti-deception guidance, creating contradictory policy within the skill. Contradictory safety framing is especially risky because it normalizes misuse and gives operators plausible deniability while still providing a concrete social-engineering playbook.

Ssd 4

Medium (90% confidence)
Finding
By embedding deceptive access tactics inside a broader 'respectful' and 'anti-pattern' narrative, the skill incrementally normalizes manipulation as acceptable when framed politely. That context makes the content more dangerous, not less, because it can lower user caution and rebrand social engineering as ordinary sales technique.

Ssd 2

Medium (87% confidence)
Finding
The skill uses paraphrased social-engineering phrasing to obtain internal identities and routing information without overtly labeling it as attack behavior. In this context, the skill is specifically about overcoming human access controls, so guidance for extracting names or extensions from uninvolved employees creates meaningful abuse potential even if framed as prospecting.

VirusTotal

66/66 vendors flagged this skill as clean.
