Auto Workflow Builder

Security checks across malware telemetry and agentic risk

Overview

This is a sparse workflow-automation skill with disclosed but potentially powerful integrations, and no artifact evidence of hidden or malicious behavior.

Before installing or using this skill, verify any workflow.sh script separately, review each workflow before enabling it, use least-privilege credentials, and confirm how to disable scheduled or webhook-triggered automations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium (93% confidence)
Finding
The skill advertises capabilities for outbound HTTP requests, webhooks, email, SMS, database operations, and AWS Lambda execution without any warning, consent boundary, or guidance on handling sensitive data and system-impacting actions. In an agent context, this can lead users to invoke networked or state-changing actions that transmit data externally or modify systems without understanding the security and privacy implications.

Vague Triggers

Medium (90% confidence)
Finding
The manifest description advertises broad workflow-building capabilities such as connecting APIs, scheduling tasks, and triggering actions without stating any user-trigger boundaries, permission limits, or execution constraints. Broad activation language can cause the agent to be invoked in overly general contexts and increases the risk of unintended automation, external API calls, or task execution beyond what the user explicitly requested.

VirusTotal

66/66 vendors flagged this skill as clean.
