Verification Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only alias that routes verification-related requests to VeriClaw and does not run code or request access.

This alias appears low risk. Be aware that broad phrases like "incident response" or "AI supervision" may route to VeriClaw even when you meant a different workflow, and review the separate canonical VeriClaw skill or plugin before installing it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill advertises many broad, generic phrases such as 'incident response', 'workflow repair', 'agent supervision', and 'verification before completion' that are not tightly scoped to this specific skill. In an agent ecosystem, these terms can cause accidental invocation or routing hijack, especially because this file is an alias/redirect surface rather than the canonical implementation, which increases the chance of misrouting users or downstream automation.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The manifest trigger 'verification workflow' is generic and lacks qualifiers, exclusions, or examples of non-matches. Because this skill is intended as an alias route, an underspecified trigger can capture ordinary user requests about general verification processes and divert them into this skill instead of a better-matched or canonical destination.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal