Skill Compass

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to audit and improve other skills, but its fix mode can rewrite skill files on disk persistently, with weak scoping and few safeguards.

Review before installing. Use this only if you are comfortable giving it access to inspect and potentially modify local skill files. Prefer audit-only mode unless you explicitly choose a narrow target path, review diffs first, and have version control or backups for rollback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill instructs the operator to run local scripts and describes auto-remediation actions that read and modify skill files, yet it declares no permissions. That mismatch can cause users or orchestration systems to approve a skill without understanding that it performs file reads and writes, increasing the risk of unintended filesystem changes during troubleshooting.

Natural-Language Policy Violations

Medium
Confidence: 83%
Finding
The README recommends absolute trigger language such as 'ALWAYS invoke' and 'Do not attempt ... without this skill,' which can encourage over-broad or coercive routing behavior. In an agent ecosystem, this can cause inappropriate skill activation, suppress user intent or competing safety checks, and increase the chance that a lower-trust skill monopolizes related requests.

Vague Triggers

Medium
Confidence: 84%
Finding
The activation description is extremely broad, covering nearly any skill failure, trigger issue, audit, optimization, or proactive review. Overbroad routing conditions can cause this skill to trigger in unrelated contexts, crowd out more specific skills, and lead to unnecessary file inspection or modification recommendations.
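The two trigger findings above (coercive routing language and an overbroad activation description) are both detectable by a plain text lint over the skill's description. The following is an added example and not SkillSpector's or the skill's own code; the phrase lists, the topic words, and the "two catch-all markers means overly broad" threshold are assumptions chosen for illustration, and both sample descriptions are constructed.

```python
"""Added example: lint a SKILL.md description for coercive routing language
and catch-all activation scope. Patterns and thresholds are assumptions."""
import re
from dataclasses import dataclass

# Absolute or coercive routing language, e.g. "ALWAYS invoke" or
# "Do not attempt ... without this skill".
COERCIVE = {
    "absolute-invoke": re.compile(r"\bALWAYS\s+(?:invoke|use|call|route\s+to)\b", re.I),
    "gate-on-skill": re.compile(
        r"\b(?:do\s+not|never)\s+\w+[^.\n]*\bwithout\s+(?:this|the)\s+skill\b", re.I),
}
# Catch-all scope markers; each distinct one widens the routing surface.
CATCH_ALL = {
    "any-all": re.compile(
        r"\b(?:any|every|all)\s+(?:skill|request|task|failure|issue|problem)s?\b", re.I),
    "whenever": re.compile(r"\bwhenever\b", re.I),
    "proactive": re.compile(r"\bproactive(?:ly)?\b", re.I),
}
# Distinct activity areas a description claims; three or more is a catch-all.
TOPIC_WORDS = ("fail", "trigger", "audit", "optimi", "review", "debug", "fix", "improve")
BROAD_THRESHOLD = 2  # assumption: >= 2 distinct catch-all markers is "overly broad"


@dataclass(frozen=True)
class TriggerFinding:
    check: str    # "coercive-language" or "overly-broad-trigger"
    rule: str     # which pattern fired
    excerpt: str  # the matched text


def topic_spread(description: str) -> list[str]:
    """Topic words present in the description (lower-cased substring match)."""
    low = description.lower()
    return [w for w in TOPIC_WORDS if w in low]


def lint_description(description: str) -> list[TriggerFinding]:
    """Return findings for one description; an empty list means it passed."""
    found: list[TriggerFinding] = []
    for rule, rx in COERCIVE.items():
        for m in rx.finditer(description):
            found.append(TriggerFinding("coercive-language", rule, m.group(0)))
    catch_all: list[TriggerFinding] = []
    for rule, rx in CATCH_ALL.items():
        m = rx.search(description)
        if m:
            catch_all.append(TriggerFinding("overly-broad-trigger", rule, m.group(0)))
    spread = topic_spread(description)
    if len(spread) >= 3:
        catch_all.append(TriggerFinding("overly-broad-trigger", "topic-spread", ", ".join(spread)))
    # A single "whenever" is not a finding on its own; breadth is cumulative.
    if len(catch_all) >= BROAD_THRESHOLD:
        found.extend(catch_all)
    return found


def summarize(description: str) -> dict:
    """Count findings per check, handy for a pass/fail gate in CI."""
    counts: dict = {}
    for f in lint_description(description):
        counts[f.check] = counts.get(f.check, 0) + 1
    return counts


# Constructed sample descriptions (not taken from the skill).
BROAD = ("Use this skill whenever any skill fails, triggers incorrectly, needs an audit or "
         "optimization, or for proactive review of all skills. ALWAYS invoke it first. "
         "Do not attempt to debug a skill without this skill.")
NARROW = ("Lints the SKILL.md frontmatter under a path the user names and reports "
          "trigger wording issues. Does not modify files.")

if __name__ == "__main__":
    for f in lint_description(BROAD):
        print(f"{f.check:22} {f.rule:16} {f.excerpt!r}")
    print("narrow:", summarize(NARROW))
```

The narrow description names a concrete input (a user-supplied path), a concrete output (a report), and a negative capability (no writes), which is the shape an activation description should take; the lint reports nothing for it and six findings for the broad one.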

Missing User Warnings

Medium
Confidence: 93%
Finding
The --fix path can modify any discovered SKILL.md file in place via sf.write_text(fixed) with no per-file confirmation, backup, dry-run default, or atomic safety guard. In a tool that recursively scans multiple user and workspace skill directories, this creates a real integrity risk: a mistaken parse or unexpected match can silently alter configuration/content across many files, and an agent or wrapper invoking the script with --fix could cause unintended bulk changes.
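What the missing guards look like in code: the following is an added example and not the skill's own script. It shows the unconditional in-place write the finding describes beside a guarded version that refuses paths outside an explicit target root, defaults to a dry run, asks for per-file consent, keeps a backup, and replaces the file atomically. The names guarded_fix, FixResult and run_demo, and the sample SKILL.md contents, are assumptions for illustration.

```python
"""Added example (not the skill's code): naive in-place rewrite beside a
guarded one. Names and sample file contents are assumptions."""
import os
import shutil
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Optional


def naive_fix(sf: Path, fixed: str) -> None:
    # The pattern the finding describes: whatever the scanner matched is written
    # back unconditionally, with no scope check, backup, or crash safety.
    sf.write_text(fixed)


@dataclass(frozen=True)
class FixResult:
    path: Path
    changed: bool   # content differed from the proposed fix
    written: bool   # the file was actually rewritten
    backup: Optional[Path]


def guarded_fix(
    sf: Path,
    fixed: str,
    root: Path,
    apply: bool = False,
    confirm: Callable[[Path], bool] = lambda p: False,
) -> FixResult:
    """Rewrite sf to `fixed` only if it lies under `root`, `apply` is set and
    `confirm(sf)` agrees; otherwise only report what would change."""
    # 1. Scope: resolve symlinks and refuse anything outside the named root.
    resolved = sf.resolve()
    if root.resolve() not in resolved.parents:
        raise ValueError(f"{sf} is outside target root {root}")
    original = sf.read_text()
    if original == fixed:
        return FixResult(sf, False, False, None)
    # 2. Dry run is the default; writing needs both the flag and per-file consent.
    if not apply or not confirm(sf):
        return FixResult(sf, True, False, None)
    # 3. Keep a backup, then write a temp file in the same directory and rename it
    #    over the original so a crash mid-write never leaves a truncated SKILL.md.
    backup = sf.with_name(sf.name + ".bak")
    shutil.copy2(sf, backup)
    fd, tmp = tempfile.mkstemp(dir=sf.parent, prefix=".skillfix-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(fixed)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, sf)
    except BaseException:
        Path(tmp).unlink(missing_ok=True)
        raise
    return FixResult(sf, True, True, backup)


def run_demo() -> dict:
    """Constructed scenario: one skill under the chosen root, one outside it."""
    ws = Path(tempfile.mkdtemp())
    try:
        target = ws / "skills" / "compass"
        target.mkdir(parents=True)
        sf = target / "SKILL.md"
        broad = "description: ALWAYS invoke this skill for any request\n"
        narrow = "description: Audit SKILL.md files under a path the user names\n"
        sf.write_text(broad)
        outside = ws / "other" / "SKILL.md"
        outside.parent.mkdir()
        outside.write_text(broad)

        dry = guarded_fix(sf, narrow, root=target)            # default: report only
        after_dry = sf.read_text()
        applied = guarded_fix(sf, narrow, root=target, apply=True, confirm=lambda p: True)
        try:
            guarded_fix(outside, narrow, root=target, apply=True, confirm=lambda p: True)
            scope_refused = False
        except ValueError:
            scope_refused = True
        return {
            "dry_written": dry.written,
            "dry_left_file_untouched": after_dry == broad,
            "applied_written": applied.written,
            "final_content": sf.read_text(),
            "backup_content": applied.backup.read_text(),
            "scope_refused": scope_refused,
            "outside_untouched": outside.read_text() == broad,
            "stray_temp_files": sorted(p.name for p in target.iterdir()
                                       if p.name.startswith(".skillfix-")),
        }
    finally:
        shutil.rmtree(ws)


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v!r}")
```

The scope check runs on the resolved path, so a symlink inside the target root that points at another user's skill directory is refused rather than followed. A wrapper that wants bulk application still has to pass both apply=True and a confirm callback, which keeps "scan everything" and "rewrite everything" from being the same invocation.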

VirusTotal

0/65 vendors flagged this skill as malicious; all 65 reported it clean.
