Skylv Content Writer

Security checks across malware telemetry and agentic risk

Overview

This is a simple writing-helper skill with no executable code, install hooks, credential access, persistence, or unrelated system access.

Safe to install as a content-writing helper. Review generated facts, citations, and code examples before relying on them, and avoid giving sensitive proprietary material unless you are comfortable sharing it with your agent environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes very broad phrases such as 'content writing', 'copywriting', and 'technical writing', which can match many normal user requests and cause this skill to activate unintentionally. Over-broad invocation increases the chance of routing sensitive, unrelated, or higher-priority tasks into a generic writing skill, potentially leading to prompt collisions, policy bypass opportunities, or inappropriate handling of user data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal