Text Detection

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only text detection skill with normal dependency and privacy considerations; these considerations are not evidence of hidden or harmful behavior.

Before installing, verify the referenced npm packages and pin trusted versions where possible. Do not enable result caching or fact-checking APIs for private, proprietary, or regulated text unless you understand what will be stored or sent to third-party services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium, 91% confidence
Finding
The skill documentation introduces a fact-checking integration that sends extracted claims to external services, which expands the skill's data flow beyond local text detection. In this context, user-provided text may contain sensitive or proprietary content, and the file does not justify this capability or constrain when external transmission is allowed, creating unnecessary privacy and data-exposure risk.

Missing User Warnings

Medium, 96% confidence
Finding
The markdown describes external fact-checking API integration without warning that text or extracted claims may be transmitted to third parties. That omission is dangerous because users may assume analysis is local while sensitive prompts, documents, or personal data are disclosed externally during processing.

VirusTotal

64/64 vendors flagged this skill as clean.
