Skylv Agent Performance Profiler

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only agent performance profiling skill, with a minor risk of being triggered too broadly but no evidence of hidden or harmful behavior.

Reasonable to install if you want agent performance advice. Be aware that broad performance-related words may invoke it unintentionally, and avoid sharing sensitive conversation traces or tool logs unless you intend them to be analyzed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The trigger list is broad enough to match common terms such as performance, optimize, token, latency, and profiling, which can cause the skill to activate in situations where the user did not explicitly request it. Unintended invocation can alter agent behavior, consume tokens/tools unexpectedly, and create prompt-routing confusion across unrelated tasks.

Vague Triggers

Low

Confidence: 78% confidence
Finding: The manifest description advertises broad trigger concepts like performance profiling, agent speed, and token optimization without defining strict activation boundaries. On its own this is mostly a quality issue, but in an auto-dispatch system it increases the chance of accidental selection and misrouting.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal