Shike Multi Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed multi-agent dispatcher; its contact and payment metadata is unnecessary but does not create malicious behavior.

Installing is reasonable if you want a persistent multi-agent delegation workflow. Treat the listed contact and payment handles as optional publisher metadata, not required setup, and avoid sending secrets or sensitive private data into tasks that will be copied to child-agent sessions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Low

Confidence: 88% confidence
Finding: The manifest embeds personal payment handles and contact solicitation unrelated to the technical function of the skill. While not direct code execution risk, this is dangerous because it introduces unnecessary sensitive personal and financial data into distributed skill metadata, which can enable social-engineering, trust abuse, or unwanted data propagation across registries and logs.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal