Back to skill

Security audit

Gc Log Report

Security checks across malware telemetry and agentic risk

Overview

This skill reads local JVM GC log files and produces reports, with no executable code, network behavior, credential access, or hidden persistence found.

Install this if you want help analyzing JVM GC logs and producing Chinese-language reports. Be aware that GC logs and JVM parameters can include operational details, so review generated HTML/Markdown before sharing them outside your team.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description includes very broad trigger phrases such as general JVM pause analysis, tuning advice, leadership-report preparation, and GC-related troubleshooting, which can cause the agent to invoke this skill for common performance-diagnosis requests even when the user did not explicitly ask for it. This overmatching increases the chance of inappropriate tool selection, unnecessary file discovery/analysis behavior, and reduced user control over how their local data is processed.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill metadata and instructions are written to default to Chinese-language outputs and terminology without offering a user-language negotiation step. In multilingual environments, this can lead to misunderstood conclusions, incorrect operator decisions, or accidental disclosure of reports to stakeholders in an unintended language, though the impact is primarily reliability and usability rather than direct compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.