Skill Vetter
Security checks across malware telemetry and agentic risk
Overview
This is a non-executable checklist for reviewing other skills, with only disclosed, purpose-aligned GitHub fetch examples.
Safe to install as a manual vetting checklist. When using it, only fetch repositories you intend to review, verify placeholders before running the curl examples, and treat any downloaded skill text as untrusted content.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.