Weekly Review Builder

Security checks across malware telemetry and agentic risk

Overview

This is a planning-only weekly review helper with no executable code; users should review any suggested project-memory updates before saving them.

Reasonable to install for structured weekly planning. Before writing its output into long-term project memory or task tracking, check that phase changes, bottleneck selection, stale-task handling, and next actions are supported by the weekly logs and do not retain sensitive project details unnecessarily.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The manifest description includes broad trigger language such as 'weekly schedule,' 'after several daily loops,' and 'when project state needs refresh,' which can match common planning or review contexts beyond a narrowly defined invocation. In agent systems that auto-select skills from natural-language descriptions, this can cause the skill to activate too often or in unintended situations, leading to incorrect writebacks, workflow interference, or unnecessary state changes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal