Need Type Classifier

Security checks across malware telemetry and agentic risk

Overview

This is a sales-call classification skill whose file reads and needs-log writing match its stated purpose, with no evidence of hidden code, credential use, network calls, or destructive behavior.

Reasonable to install for sales-call review. Before use, expect it to read call notes/transcripts you provide or point it at, and to create or update needs-log.md; keep sensitive customer data within your organization’s AI-use policy.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 93% confidence
Finding: The skill explicitly instructs the agent to create or update `needs-log.md` as part of normal execution, but it does not include a user-facing disclosure or confirmation step before modifying files. This can lead to unintended workspace changes, overwriting prior notes, or surprising side effects when the user expected only an in-chat classification result.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal