Adam Skill 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a broad but disclosed personal-planning skill with no code, credentials, persistence, or hidden high-impact behavior.

Safe to install from the reviewed artifacts. Treat it as a general planning helper, and manually confirm any real-world actions involving messages, purchases, appointments, travel, or family information outside the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill is defined as a broad, all-purpose personal assistant covering schedules, family matters, shopping, appointments, communications, planning, and decision support without clear boundaries or trigger constraints. This ambiguity can cause overbroad activation and make the agent handle sensitive personal contexts or high-impact tasks unexpectedly, increasing the chance of unsafe actions, privacy issues, or misuse.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal