Skill usage tracker

Security checks across malware telemetry and agentic risk

Overview

This is a simple local audit skill that discloses rule checking and violation logging, with no evidence of hidden network access, destructive behavior, or credential use.

Before installing, treat this as a local monitoring tool: confirm what gets written to skill_violations.log and daily reports, avoid using it where sensitive conversations could be logged without consent, and periodically delete or rotate logs if they are no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill states that violations are recorded to a local log file, but the description does not clearly warn users that their interactions may be logged. Undisclosed logging creates a privacy and transparency problem, especially if prompts or outputs can contain sensitive or personal data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal