Security audit

Enterprise Change Management Lead

Security checks across malware telemetry and agentic risk

Overview

This is a coherent change-management helper with a local Python CLI and no evidence of hidden data access, network activity, persistence, or destructive behavior.

Install this if you want a command-line change-management planning helper. Be aware that granting Bash-capable skill execution is broader than necessary for advisory text alone, so run only the included commands you intend to use and review future updates for any added network, file-write, or persistence behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill requests broad Bash execution even though its documented purpose is advisory change-management analysis. That creates unnecessary capability for shell command execution, expanding the attack surface if the skill is invoked, modified, or paired with adversarial inputs; the included Quick Start commands reinforce that the skill may execute local scripts rather than remain purely advisory.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.