Skill Publish & Evolution Workflow
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed, instruction-only workflow for packaging and publishing skills, with no hidden code or automatic behavior.
Install only if you want an agent workflow for turning reusable work into publishable skills. Run it from the intended project directory, review discovered files before packaging, confirm the publishing account and target marketplace, and ensure no API keys, credentials, or private material are included in published content.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.