Lifecycle Hooks

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed lifecycle automation guide, with expected but user-visible persistence and memory-writing behavior.

Install this only if you want lifecycle automation that may schedule session-end checks, spawn subagents, and write memory or heartbeat state. Prefer using explicit commands and confirm before enabling persistent hook behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrases are very broad and can be invoked in ordinary conversation without clear scoping, which increases the chance that lifecycle automation starts unintentionally. In this skill, unintended invocation could create cron tasks, spawn subagents, or write memory artifacts, causing unwanted state changes and persistence rather than direct code execution.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal