Agent Evaluation

Security checks across malware telemetry and agentic risk

Overview

This skill is a low-risk routing alias that points agent-evaluation requests toward VeriClaw pages and does not run code or access data.

Install this only if you want generic agent-evaluation or review wording to route toward VeriClaw. Before following the linked pages or installing the canonical vericlaw package, verify that the publisher and project are the ones you intend to use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrase `agent evaluation` and the surrounding alias terms are very broad and overlap with many generic QA, review, and auditing requests. Because the skill is explicitly designed as a routing alias, this can cause over-invocation or misrouting of unrelated user requests into this skill, potentially steering users toward the vendor’s preferred surface instead of the best-matching capability.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal