glic-check

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed quality-review skill that reads user-selected targets and reports findings, with no evidence of hidden exfiltration, persistence, or automatic mutation.

Install it if you want structured code or skill reviews, but be aware that broad review phrases may invoke it; specify the exact files or diff you want checked, and review any proposed fixes before approving changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list includes broad natural-language phrases such as 'systematically review this', 'audit my skill', and 'quality check this code', which can match ordinary user requests that are not clearly intended to invoke this specific skill. In an agentic environment, overbroad invocation boundaries can cause unintended activation, leading the skill to read or analyze more content than the user expected and potentially steer execution away from the primary task.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The workflow states that a generic request for a 'multi-dimension review' without explicit mode selection should default to GLIC mode. That fallback broadens activation scope beyond clear user intent, making accidental routing into this skill more likely when the user may only be discussing review concepts rather than requesting execution.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal