Back to skill

Security audit

Super Automation

Security checks across malware telemetry and agentic risk

Overview

This is a small automation guidance skill whose scheduled-task advice is disclosed and aligned with its stated purpose.

Install only if you want the agent to help create scripts or scheduled jobs. Review any generated cron, Task Scheduler, CI, or script commands before running them, use least-privileged accounts, keep secrets in environment variables or a secret manager, and make sure recurring jobs have logging and a clear way to disable them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill’s trigger conditions are very broad and match generic requests about scripting, convenience, and automation. This can cause the skill to activate for many unrelated tasks, increasing the chance it will steer users toward persistent automation or script execution in contexts where that is unnecessary or risky.

Session Persistence

Medium
Category
Rogue Agent
Content
### Linux / macOS

- **cron**:`crontab -e`,一行一条。格式:分 时 日 月 周 命令。
  - 每天 9 点:`0 9 * * * /path/to/script.sh`
  - 每 5 分钟:`*/5 * * * * /path/to/script.sh`
- 确保脚本有执行权限(`chmod +x`),必要时在 crontab 里设 `PATH` 或使用绝对路径。
Confidence
86% confidence
Finding
crontab -e

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.