Security audit
JEP Primitive Skills
Security checks across malware telemetry and agentic risk
Overview
This skill is a coherent API/Python helper for generating JEP event JSON and shows no evidence of hidden access, persistence, exfiltration, or destructive behavior.
Before installing, verify the publisher and pin or audit dependency versions for your deployment. If running the API server, do not expose it publicly without authentication, TLS, and rate limits. Treat the optional signature field as metadata unless your surrounding system performs real signature verification.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
