Chat Group Behavior

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill has a legitimate group-chat purpose, but it broadly changes live messaging access controls and includes destructive session-recovery guidance without enough rollback safeguards.

Review before installing. Use only if you are comfortable with the agent editing live messaging configuration, receiving messages from all members in allowed groups, and scheduling later config changes. Prefer a version that records and restores previous settings, scopes sender access to the specific group and duration, and requires explicit approval or a supported recovery path before deleting session transcripts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The troubleshooting section instructs operators to clear session transcript files to recover from API errors, which is outside the stated scope of group chat behavior and encourages destructive manipulation of persisted conversation state. Deleting session history can cause loss of auditability, break forensic reconstruction, and potentially remove safety-relevant context or guardrails tied to prior interactions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal