Security audit

Enterprise Change Management Lead

Security checks across malware telemetry and agentic risk

Overview

This is a coherent change-management helper with a local Python CLI and no evidence of hidden data access, network activity, persistence, or destructive behavior.

Install this if you want a command-line change-management planning helper. Be aware that granting Bash-capable skill execution is broader than necessary for advisory text alone, so run only the included commands you intend to use and review future updates for any added network, file-write, or persistence behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The skill requests broad Bash execution even though its documented purpose is advisory change-management analysis. That creates unnecessary capability for shell command execution, expanding the attack surface if the skill is invoked, modified, or paired with adversarial inputs; the included Quick Start commands reinforce that the skill may execute local scripts rather than remain purely advisory.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.