Forsy Trace Skill

Security checks across malware telemetry and agentic risk

Overview

This skill coherently creates local workflow trace files for inspection and research, with no evidence of hidden network submission or destructive behavior.

Install only if you want agent workflows saved as local trace artifacts. Before sharing or retaining generated traces, review them for secrets, private prompts, credentials, personal data, proprietary details, and sensitive logs or diffs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The skill explicitly instructs the agent to save `trace.json`, `manifest.json`, and supporting artifacts to the local workspace, but it does not prominently warn that using the skill causes filesystem writes. In an agent environment, implicit file creation can surprise users, overwrite existing files, or leave behind sensitive traces/artifacts that were not expected to persist.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal