
Security audit

Tool Showcase PPT By HTML

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a content/layout helper, but its artifacts include unsafe and deceptive content-generation guidance that users should review before installing.

Install only if you are comfortable reviewing and overriding its generated marketing and installation copy. Do not publish fabricated testimonials as real endorsements, and do not follow or distribute SmartScreen bypass instructions unless the binary source, publisher, and integrity have been independently verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding
The installation guidance explicitly tells users to bypass Windows SmartScreen by clicking through the warning, without instructing them to verify publisher identity, hashes, or download provenance first. This normalizes suppression of an OS security control and could train users to run untrusted binaries, increasing phishing and malware execution risk.

Natural-Language Policy Violations

High
Confidence: 98%
Finding
The file instructs the AI to generate testimonials that are merely 'real-looking' if real users do not exist, which encourages deceptive marketing content. In an automated content-generation skill, this can systematically produce fabricated endorsements that mislead users and create compliance, fraud, and reputational risk.

VirusTotal

56/56 vendors flagged this skill as clean.
