Security Vuln Scanner Hardened

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed code-security scanning helper with no executable install steps or hidden data transfer, though its activation wording is broad.

Install only if you want an agent to help review code for security issues. Treat scan inputs and outputs as sensitive, keep results in the conversation or approved internal workflows, and prefer a narrower invocation such as "scan this code for vulnerabilities" to avoid accidental activation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger phrase "vulnerability" is broad enough to activate during ordinary discussion of security topics rather than an explicit request to invoke the skill. That can cause unintended skill execution, pulling sensitive code or findings into the skill workflow unexpectedly and creating privacy or routing risks in multi-skill environments.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger pattern "vulnerability" is so generic that it can match ordinary user requests and unintentionally invoke this skill outside a clearly intended security-scanning context. Overbroad activation increases the risk of incorrect routing, prompt collisions with other skills, and accidental processing of unrelated or sensitive content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal