Monster Method Decomposition

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable refactoring guidance skill whose code-editing access matches its stated purpose.

Install this only if you want an agent to help edit and test a codebase during legacy-method refactoring. Use version control, review diffs, and prefer running it on a branch because the skill is intentionally designed to modify source files and tests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The discovery triggers include broad natural-language phrases such as 'Developer feels unable to safely change a method', which can match common conversational requests rather than an explicit request to use this skill. That can cause unintended activation and inappropriate tool-enabled editing guidance in contexts where the user only wants discussion or high-level advice.

Vague Triggers

Medium
Confidence: 91%
Finding
The manifest description embeds many ambiguous activation phrases like 'where do I even start with this method' and 'can't test this method it's too big', which are common help-seeking statements and may over-trigger the skill. Because the skill operates in full mode with Read/Edit/Bash available, accidental selection can escalate from harmless misrouting into unintended code modification workflows.

VirusTotal

63/63 vendors flagged this skill as clean.
