README Grader

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk README review helper that analyzes pasted text and does not install code, use credentials, or access files or the network.

Safe to install for README feedback. Paste README text directly rather than URLs, and remove secrets or private information from the README before sharing it. Expect responses in Chinese unless the skill is edited or configured differently.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The skill unconditionally instructs the agent to always respond in Chinese, which overrides user language preference and can create a policy/behavior mismatch at runtime. While not directly enabling code execution or data exfiltration, it reduces user control and can be abused as a coercive instruction pattern inside reusable skills.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal