task killer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed task-stopping helper, but it can terminate running agents and process sessions too broadly when common phrases are used.

Install only if you explicitly want an aggressive stop/reset helper. Before using it, narrow activation to explicit commands such as /stop-current-task, require confirmation before killing processes or subagents, and ensure cleanup is limited to resources created by the current task/session.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (10)

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The skill gives conflicting interruption semantics: it says to immediately stop and avoid further tool execution, but then instructs the agent to enumerate and kill subagents/processes and optionally delete files. In practice this ambiguity can lead to unsafe post-interrupt actions being taken automatically, including destructive cleanup after a casual stop request.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The documented interrupt keywords include broad natural-language phrases such as '别做了', '任务不对', and '方向错了' that can appear in normal conversational correction, not just as explicit cancellation commands. In an agent skill, this creates a real control-flow vulnerability because benign user feedback or quoted text could unintentionally terminate tasks, causing denial of service or premature cleanup.

Vague Triggers

High

Confidence: 99% confidence
Finding: The auto-trigger configuration uses especially ambiguous keywords like '不对', '错了', and '重新来' with no scope constraints, making automatic interruption likely during ordinary iterative dialogue. Because these triggers are wired to automatic response and cleanup behavior, a user or adversarial prompt can induce repeated cancellation, disrupt workflows, and potentially interfere with subagents or processes without explicit confirmation.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README states that interruption automatically creates record files on disk, but it does not clearly warn about persistence, retention, or the possibility that task context may be written locally. In agent environments, silent logging to predictable temp paths can expose sensitive prompts, operational metadata, or user intent to later reads by other tools, users, or processes.

Vague Triggers

High

Confidence: 97% confidence
Finding: The trigger list contains broad, common phrases such as '停止', '取消', '重新来', '方向错了', and English words like 'stop' or 'cancel' that may appear in normal conversation rather than as an actual command. This creates a high risk of unintended activation, causing premature task termination and potentially cascading cleanup actions without clear user intent.

Vague Triggers

High

Confidence: 96% confidence
Finding: The manifest trigger field is a loose pipe-separated string of generic terms rather than a constrained intent schema, making matching ambiguous and overbroad. Because this skill can kill processes and clean files, ambiguous manifest-level activation materially increases the chance of destructive behavior being invoked accidentally.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill directs the agent to kill subagents, terminate background processes, and optionally delete temporary files, but does not present a clear up-front warning that these are destructive operations or define their scope. Users may believe they are only stopping the current reply, while the skill may terminate unrelated work or remove recoverable artifacts.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill exposes a confirm option but never enforces any confirmation before killing subagents and processes. In an agent environment, this enables destructive interruption of active work without a user gate, which can cause denial of service, loss of task progress, or termination of unrelated sessions if the underlying list/kill operations are broad.

Vague Triggers

High

Confidence: 97% confidence
Finding: The trigger list includes broad, ambiguous phrases such as '不对', '错了', 'stop', and 'cancel' that commonly appear in normal conversation. Because this skill has high priority and can clean up subagents and processes, unintended activation could abruptly terminate legitimate work, causing denial of service or loss of in-progress results.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The manifest is designed to interrupt tasks and terminate processes, yet it provides only an automatic success-style response and no warning or confirmation before destructive cleanup occurs. In this context, access to 'process' and 'subagents' makes the behavior materially dangerous because a mistaken or spoofed invocation can terminate running work immediately.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal