Wiki Query

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform disclosed knowledge-base or wiki maintenance, with expected persistent writes but no evidence of hidden or destructive behavior.

Before installing, expect the skill to create or update knowledge-base files. Use it in a workspace where those writes are acceptable, review diffs before committing, and avoid feeding it secrets or private material unless that content belongs in the wiki.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Low

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to save results back into the wiki and update index/log files, but it does not clearly warn that using the skill can modify repository contents. This can lead to unintended file writes, surprising persistence of model-generated content, and accidental changes to tracked documentation or git-backed knowledge bases.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal