Back to skill

Security audit

multi agent analysis and execution

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only workflow coordinator that writes run artifacts and may clean up old run folders, but its behavior is disclosed and aligned with its purpose.

Install only if you want a strict multi-agent workflow that creates run folders and reports. Avoid putting secrets, tokens, or private data directly into the task prompt, especially when using debug mode, and review old coordinator run artifacts before relying on the cleanup policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This markdown file states that the skill will create timestamped directories and apply a cleanup policy that retains only the last 5 successful runs, which can affect files in the user's workspace. Although the behavior is described, there is no explicit warning that invoking the skill will write to disk and may remove prior successful run artifacts under the cleanup policy.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.