Skill Security Guard

Security checks across malware telemetry and agentic risk

Overview

This is mainly a local skill-code scanner, but it also ships under-disclosed live network probing and firewall-inspection code.

Review before installing. Use it only on intended skill directories, avoid scanning broad personal folders, keep reports private because they may include secret snippets, and do not use the network-checking helpers against systems you do not own or have permission to test.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Context-Inappropriate Capability (Medium, 92% confidence)

Finding: The skill executes local firewall inspection commands and returns their output, which is materially broader host introspection than scanning third-party skills for malicious code. In this context, that mismatch increases risk because the feature can expose sensitive host security posture and normalizes unnecessary system access inside a security-branded skill.

Context-Inappropriate Capability (Medium, 94% confidence)

Finding: The module performs active network reconnaissance such as port scanning and SSL probing against arbitrary hosts, which is outside the stated purpose of analyzing third-party skill code. In a skill positioned as a security scanner for code safety, these capabilities are more dangerous because they can be repurposed for network enumeration without clear justification.

Context-Inappropriate Capability (Medium, 91% confidence)

Finding: Enumerating local IP addresses exposes host network configuration that is unrelated to scanning third-party skill source for malicious logic. In this context, the feature increases privacy and environment-disclosure risk because it can reveal internal addressing information from the machine running the skill.

Missing User Warnings (Medium, 89% confidence)

Finding: These functions open outbound network connections and probe ports on user-supplied hosts without any explicit disclosure or consent boundary. Hidden active network behavior is dangerous because users may not realize the skill is contacting external systems, and in this skill's context that behavior is not obviously necessary for scanning third-party code.

Missing User Warnings (Low, 85% confidence)

Finding: SSL certificate checking establishes a real network connection to the provided URL, but the code does not clearly disclose that remote communication will occur. While less severe than port scanning, it still creates transparency and privacy issues because it can contact arbitrary external hosts unexpectedly.

Missing User Warnings (Medium, 91% confidence)

Finding: The firewall-status routine runs local system commands and may expose detailed host-security configuration, yet there is no explicit warning that such commands will be executed. In a code-scanning skill, undisclosed host introspection is especially risky because it exceeds reasonable user expectations.

Missing User Warnings (Medium, 90% confidence)

Finding: The connectivity check launches ping subprocesses against supplied hosts without warning users that outbound probes and local command execution are involved. This is risky because it can be used for quiet network reconnaissance and is not clearly aligned with the advertised code-analysis purpose.

Missing User Warnings (Low, 84% confidence)

Finding: Local IP enumeration accesses potentially sensitive host network information without telling the user that environment details will be collected. Even if intended for diagnostics, this is an unnecessary privacy risk in a skill focused on third-party skill scanning.

Missing User Warnings (Medium, 86% confidence)

Finding: The code performs port scanning against a supplied host with no built-in user warning, consent flow, or target restriction. In an agent skill context, silent network probing can be misused for reconnaissance of internal or external systems and may violate user expectations or platform policy even if the feature is framed as security scanning.

Missing User Warnings (Medium, 82% confidence)

Finding: SSL certificate inspection opens outbound connections to arbitrary URLs without any disclosure or consent guardrails. In an agent environment this can leak access patterns, trigger unexpected network traffic, and be repurposed to probe internal services if URL inputs are not restricted.

Missing User Warnings (Medium, 84% confidence)

Finding: The skill runs local firewall-inspection subprocesses and returns their output without any user-facing disclosure. In a skill setting this can expose sensitive host configuration details and collect local system security posture information beyond what a user may expect from a simple check.

VirusTotal

64/64 vendors flagged this skill as clean.