custom-skills-updater

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed updater for manually installed skills, with user approval required before changing skill files.

Install this only if you want an agent to manage manually installed skills. Keep REGISTRY.yaml limited to trusted sources, use a minimally scoped GitHub login where possible, and review the proposed change summary or diff before approving any update.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation states at L012 that the skill 'checks and updates existing skills only' and 'does NOT create new skills.' But the automatic discovery section at L102-L107 instructs adding unregistered skills to REGISTRY.yaml, including auto-registering them as local when prompting is not possible. Adding new registry entries is a form of creating/managing new tracked skills, so the documentation conflicts with itself about intended behavior.

Self-Modification

High
Category
Rogue Agent
Content (excerpt from the skill file)

    skill-name ........ update available

    ## Update skills

    Target all outdated skills or a specific skill by name.
Confidence
85% confidence
Finding
Update skill

VirusTotal

66/66 vendors flagged this skill as clean.
