Back to skill

Security audit

skill-evaluation

Security checks across malware telemetry and agentic risk

Overview

This is a coherent skill-evaluation tool, but users should run it only in a disposable workspace because its trigger tests can invoke local AI platform CLIs and store full evaluation outputs.

Install only if you want a structured skill-testing workflow. Run evaluations in a disposable project or test account, avoid real secrets or production data, review trigger probes before running them, and require approval for any file writes, shell commands, API calls, or browser actions during target-skill execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
env = {k: v for k, v in os.environ.items() if k != "CLAUDECODE"}

        process = subprocess.Popen(
            cmd, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
            cwd=str(project_root), env=env,
        )
Confidence
88% confidence
Finding
process = subprocess.Popen( cmd, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, cwd=str(project_root), env=env, )

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script writes temporary probe files into live platform skill/rule directories and then executes external AI platform CLIs to see whether they trigger. In a security context, this is dangerous because evaluation of untrusted skill descriptions becomes active content injection into agent configuration surfaces, potentially causing the platform to load attacker-controlled instructions or act on the real workspace.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger language is overly broad, telling the platform to use this skill for essentially any request involving testing, evaluation, benchmarking, diagnosis, comparison, or production-readiness of a skill or prompt. That can cause accidental invocation on unrelated or sensitive tasks, which is especially risky here because the skill then performs multi-phase file creation, analysis of untrusted content, and possible script-driven execution.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The skill explicitly instructs the agent to write output to `{runs_dir}/../report.json`, which is a filesystem-modifying action performed without any user confirmation or safety guard. In an agent setting, allowing implicit file writes based on variable paths can cause unintended overwrites or writes outside the expected workspace, especially because the path includes parent-directory traversal semantics (`..`).

VirusTotal

46/46 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.