Security audit
JSON Query Tool
Security checks across malware telemetry and agentic risk
Overview
No artifact-backed evidence of malicious or review-worthy behavior was found; the available signals are clean aside from pending VirusTotal telemetry.
This appears safe to install based on the available evidence. As with any skill, review what actions it asks the agent to perform and avoid granting credentials or write access unless the request clearly requires it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
67/67 vendors flagged this skill as clean.