Back to skill

Security audit

fff

Security checks across malware telemetry and agentic risk

Overview

This looks like a real skill-authoring helper, but its identity and packaging are inconsistent enough that users should review it before installing.

Install only if you trust the publisher and verify the intended identity first. Keep target skill directories under version control, review generated SKILL.md and scripts before packaging, and inspect any .skill archive before sharing or installing it elsewhere.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to read and write files, invoke local scripts, and package artifacts, which are meaningful capabilities, but it declares no explicit permissions or guardrails. In a skill that can create or modify other skills, this broad undeclared access increases the chance of unintended filesystem changes or script execution without clear user consent boundaries.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The description contains very broad trigger phrases such as creating, editing, reviewing, cleaning up, and auditing a skill, which can overlap with many ordinary requests. Overbroad triggering is dangerous because it may cause this powerful self-modifying skill to activate in contexts where the user did not intend filesystem edits, script execution, or packaging behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The description contains broad trigger phrases such as "create a skill," "improve this skill," and "review the skill," which are common in ordinary conversation and can cause the skill to activate in contexts broader than intended. Over-broad activation is risky because this skill is empowered to create, edit, restructure, and package skills, so accidental invocation could steer the agent into modifying prompt-bearing artifacts or performing file operations the user did not specifically intend.

Self-Modification

High
Category
Rogue Agent
Content
1. Understand the skill with concrete examples
2. Plan reusable skill contents (scripts, references, assets)
3. Initialize the skill (run init_skill.py)
4. Edit the skill (implement resources and write SKILL.md)
5. Package the skill (run package_skill.py)
6. Iterate based on real usage
Confidence
95% confidence
Finding
write SKILL

Self-Modification

High
Category
Rogue Agent
Content
If you used `--examples`, delete any placeholder files that are not needed for the skill. Only create resource directories that are actually required.

#### Update SKILL.md

**Writing Guidelines:** Always use imperative/infinitive form.
Confidence
95% confidence
Finding
Update SKILL

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.