Agent Pulse

Security checks across malware telemetry and agentic risk

Overview

This is a narrow agent availability/status-check skill with disclosed behavior and no evidence of hidden data access or destructive actions.

Reasonable to install if you want a compact agent availability response. Be aware that natural-language questions about whether the agent is busy or can take work may trigger the fixed pulse card; restrict triggers to `Agent Pulse` or `/pulse` in environments where casual availability wording should not alter routing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger includes broad natural-language equivalents for being busy or interruptible, which can cause unintended activation on ordinary conversation rather than an explicit command. In an agent-routing context, this may let a low-cost rule-based skill intercept requests that should go to a more appropriate skill, creating denial-of-service-like misrouting, suppressed reasoning, or misleading status responses.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal