Arya Model Router

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local model-routing helper with no evidence of exfiltration, destructive behavior, or hidden persistence.

Install only if you want an agent-side routing helper. Avoid using broad router prompts on private or very large content unless you intend that content to be analyzed or routed to another model/sub-agent, and review its local rules/state files if cost or data minimization matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The activation example "Router: analiza esto" is very broad and does not define scope, allowed inputs, or safety boundaries. In an agent environment, vague trigger phrases can cause unintended routing behavior, including invocation on sensitive, irrelevant, or attacker-crafted content, which may increase token spend, expose context to stronger sub-agents, or bypass expected user confirmation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal