Promote Skill
Security checks across malware telemetry and agentic risk
Overview
This is a markdown-only publishing checklist that asks users to review commands and avoid exposing secrets before making skills public.
Install this only if you intend to publish skills publicly. Review every generated marketplace command before running it, run the secret scan from the intended skill directory, keep real secrets out of SKILL.md files, and provide marketplace credentials or wallet access only to services you trust.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.