Skill Registry | 技能注册表

Security checks across malware telemetry and agentic risk

Overview

This is a transparent local skill registry that can influence future skill routing. It contains no executable code and performs no credential access, network access, or hidden actions.

Install this only if you want persistent local skill discovery and routing. Prefer explicit commands such as /skills, keep trigger words specific, and require confirmation before any matched skill makes file changes, takes account actions, posts publicly, or performs other high-impact work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The registry advertises trigger phrases such as "what skills" and "你会什么" ("what can you do") that closely resemble ordinary conversation, so the skill can be invoked unintentionally during normal chat. This creates routing ambiguity: the agent may expose or prioritize registry behavior when the user did not explicitly request it, which reduces reliability and can surface internal workspace capabilities unnecessarily.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The `skill-registry` entry uses very broad single-word triggers (`skills`, `技能`, meaning "skills") without any scope constraints, so they collide with many legitimate user requests that happen to contain those words. In a trigger-word routing system, ambiguous triggers increase the chance of misrouting, accidental activation, and unintended disclosure of the available skills or of the workflow structure.
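Both findings describe the same failure mode, and the installation guidance above (prefer explicit commands, keep triggers specific, confirm high-impact work) is the mitigation. The following Python is an added example, not SkillSpector's code and not the skill registry's own implementation: it lints a registry's triggers with the heuristics the findings imply (bare single-token keywords, phrases made only of ordinary chat words) and then routes messages so that explicit commands win, bare keywords can be disabled, collisions between two skills refuse to route, and skills marked high-impact require confirmation. The registry layout, the `high_impact` flag, the `file-cleanup` skill and the chat-word vocabulary are all hypothetical constructions for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample registry in a hypothetical layout. The first entry mirrors the
# triggers the findings describe; the second skill is invented for contrast.
REGISTRY: Dict[str, dict] = {
    "skill-registry": {
        "triggers": ["skills", "技能", "what skills", "你会什么", "/skills"],
        "high_impact": False,   # only lists skills; no side effects
    },
    "file-cleanup": {
        "triggers": ["clean up", "/cleanup"],
        "high_impact": True,    # modifies the file system, so it needs confirmation
    },
}

# Hypothetical vocabulary of ordinary chat. A trigger built only from these
# words fires on messages that never asked for the skill.
COMMON_CHAT_WORDS = {"what", "skills", "help", "can", "you", "技能", "你会什么"}

BARE = "bare keyword, no scope constraint"
CHAT = "built from ordinary conversational words"


@dataclass(frozen=True)
class TriggerIssue:
    skill: str
    trigger: str
    reason: str


def is_explicit_command(trigger: str) -> bool:
    return trigger.startswith("/")


def is_bare_keyword(trigger: str) -> bool:
    """One token without a command prefix: 'skills', '技能', '你会什么'."""
    return not is_explicit_command(trigger) and len(trigger.split()) == 1


def is_conversational(trigger: str) -> bool:
    return all(w.lower() in COMMON_CHAT_WORDS for w in trigger.split())


def lint_triggers(registry: Dict[str, dict]) -> List[TriggerIssue]:
    """Flag the triggers that the two findings above would call vague."""
    issues: List[TriggerIssue] = []
    for skill, spec in registry.items():
        for t in spec["triggers"]:
            if is_explicit_command(t):
                continue            # explicit commands are specific by construction
            if is_bare_keyword(t):
                issues.append(TriggerIssue(skill, t, BARE))
            if is_conversational(t):
                issues.append(TriggerIssue(skill, t, CHAT))
    return issues


def _matches(trigger: str, message: str) -> bool:
    if is_explicit_command(trigger):
        return message.split()[:1] == [trigger]      # the command must lead the message
    if trigger.isascii():
        # word-boundary match so "skills" does not fire inside "skillset"
        return re.search(r"(?<!\w)" + re.escape(trigger) + r"(?!\w)", message, re.I) is not None
    return trigger in message   # CJK text has no word boundaries; plain substring match


@dataclass(frozen=True)
class Route:
    skill: Optional[str]
    via: Optional[str]
    needs_confirmation: bool


def route(message: str, registry: Dict[str, dict], allow_bare: bool = True) -> Route:
    """Pick at most one skill, refuse to route on ambiguity, gate high-impact skills."""
    hits: Dict[str, str] = {}
    for skill, spec in registry.items():
        # explicit commands are tried first so "/skills" wins over the bare "skills"
        for t in sorted(spec["triggers"], key=lambda x: not is_explicit_command(x)):
            if not allow_bare and is_bare_keyword(t):
                continue
            if _matches(t, message):
                hits[skill] = t
                break
    explicit = {s: t for s, t in hits.items() if is_explicit_command(t)}
    if explicit:
        hits = explicit
    if len(hits) != 1:
        return Route(None, None, False)   # nothing matched, or two skills collided
    (skill, t), = hits.items()
    return Route(skill, t, registry[skill]["high_impact"])


if __name__ == "__main__":
    for issue in lint_triggers(REGISTRY):
        print(f"{issue.skill}: {issue.trigger!r}: {issue.reason}")
    for msg in ["/skills", "I improved my skills at cooking", "please clean up my downloads folder"]:
        print(msg, "->", route(msg, REGISTRY), route(msg, REGISTRY, allow_bare=False))
```

With `allow_bare=True` the sentence "I improved my skills at cooking" routes to `skill-registry`, which is exactly the accidental activation the findings describe; with `allow_bare=False` it routes nowhere, while `/skills` still works because explicit commands are never treated as bare. A message that matches triggers from two skills is refused rather than guessed, and `file-cleanup` always comes back with `needs_confirmation=True` because it is marked high-impact.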

VirusTotal

All 45 VirusTotal vendors reported this skill as clean (0/45 detections).
