S2-SP-OS Wave/Spectrum Radar

Security checks across malware telemetry and agentic risk

Overview

This radar skill needs review because it handles sensitive room presence and health signals while its examples encourage autonomous audio, lighting, and emergency follow-up actions.

Install only if you are comfortable with a local agent receiving room occupancy and quantized heart/breathing status. Treat it as a prototype because the uploaded Python does not currently compile and appears simulated. Do not allow its outputs to trigger microphones, lights, emergency routines, or other devices unless you add explicit human approval, clear consent, and false-positive handling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The example explicitly instructs the agent to autonomously invoke an additional sensing skill and escalate to an emergency routine based on a breathing anomaly, without requiring user confirmation, a warning, or strong safeguards against false positives. In a perception skill handling occupancy and biometrics, this materially increases privacy and safety risk because downstream agents may treat the example as normative behavior and perform surveillance or emergency actions beyond the passive scope advertised by the skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal