Gpt Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill appears safe to install, but its GPT/model-detection output should be treated as a rough heuristic rather than proof.

Use this skill only as an advisory signal for GPT-like writing patterns. Do not rely on its confidence score or detected model for moderation, academic, employment, or other consequential decisions without independent evidence. The exposed detectVersion/checkWatermarks options should not be assumed to add real analysis behavior in this version.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The skill advertises `detectVersion` and `checkWatermarks` as configuration controls, but neither option affects execution. This creates a security-relevant integrity problem: callers may believe protections or analysis modes are enabled when they are silently ignored, leading to incorrect trust decisions and misleading downstream automation.

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The manifest claims model fingerprinting and version identification, but the implementation only performs lightweight phrase matching and simple structural heuristics. In a detection skill, overstating capability can cause operators or automated systems to treat weak heuristics as authoritative attribution, producing false confidence, misclassification, and unsafe policy decisions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal