马斯克自适应推理

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill that changes how the agent decides when to think more deeply, with no code, installs, credentials, network calls, or file access.

Install this only if you want the agent to automatically decide when to use deeper, potentially slower and more token-intensive reasoning. Review the emoji/output behavior and make sure users know how to opt out or disable the skill for quick-answer workflows.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 95% confidence
Finding: The skill declares it should run on every user message via its metadata/description, which gives it an always-on interception role across the conversation. Even though the stated goal is response-quality optimization, such broad scope can unnecessarily alter behavior for unrelated tasks, increase token use, and create a larger attack surface for instruction conflicts or prompt-manipulation side effects.

Vague Triggers

High

Confidence: 96% confidence
Finding: The instruction to perform self-assessment before every response is effectively a mandatory pre-processing step with ambiguous boundaries, causing the skill to influence all outputs regardless of user intent. In practice this can override normal conversational behavior, introduce hidden policy changes such as automatic reasoning-mode switching, and make the agent more predictable to adversarial prompting that tries to trigger deeper internal processing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal