Malware Analyst

Security checks across malware telemetry and agentic risk

Overview

This skill appears to present itself as file identification while giving users higher-risk malware-analysis and sample-execution guidance without enough safety boundaries.

Install only if you intentionally want defensive malware triage guidance and can run it in an isolated, authorized sandbox or disposable VM. Do not use it for routine file identification unless the publisher narrows the scope and adds clear containment and authorization requirements before any dynamic-analysis steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill metadata and usage guidance claim this is for generic file identification, but the body contains substantive malware-analysis procedures including static and dynamic analysis. This mismatch can cause the skill to be invoked in inappropriate contexts, increasing the chance that users are guided into handling malicious binaries or running samples without realizing the operational risk.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The documentation materially understates the capability of the skill by presenting it as file identification while supplying full malware-analysis workflow content. In practice, this weakens operator awareness and policy gating, making it easier for the skill to bypass intended review or be used by users who are not prepared for malware-handling risks.

Missing User Warnings

Medium
Confidence: 96%
Finding
The dynamic-analysis section instructs the user to execute a malware sample and interact with it, but it does not explicitly require containment controls, snapshotting, network isolation, revert procedures, or authorization checks. That omission is dangerous because it can lead users to run live malware in insufficiently isolated environments, risking host compromise, lateral movement, or unintended beaconing to external infrastructure.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger language is overly broad and mismatched, suggesting use for ordinary file identification tasks even though the skill covers malware-analysis procedures. Overbroad activation criteria can surface this skill in low-risk contexts and expose users to advanced malware handling instructions that are unnecessary and potentially unsafe for the task at hand.

VirusTotal

66/66 vendors flagged this skill as clean.
