Skill Explorer

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate skill-review helper, but its helper script can force-install arbitrary third-party skills during inspection.

Install only if you are comfortable with a review tool that may force-install third-party skills for inspection. Prefer using its metadata and manual review steps first, and run the download/analyze helper only in a disposable or tightly scoped environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Low

Confidence: 91% confidence
Finding: The instruction to add items to the "待学习" list introduces a Chinese-only label in otherwise English documentation. This can violate language/locale policy because the file does not state that the skill is region-specific or provide an opt-in or alternative language choice.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal