Yq Find Skills

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a disclosed skill-discovery and skill-management helper with broad activation wording, but the submitted artifacts do not show hidden code, credential access, exfiltration, or automatic destructive behavior.

Install this if you want an agent to help find and recommend skills. Because it can suggest changes to mounted skills, review any mount, unmount, update, or priority-change recommendation before approving it, especially in shared team environments.

SkillSpector (2)

By NVIDIA

Vague Triggers

Medium
Confidence: 95%
Finding: The trigger conditions are extremely broad and include generic phrases like '需要为当前任务寻找合适的技能' ("need to find a suitable skill for the current task") and '需要管理/优化已挂载技能' ("need to manage/optimize mounted skills"), which can match ordinary planning or troubleshooting conversations. In a meta-skill that can influence skill discovery and mounting workflows, unintended activation can cause capability-enumeration, recommendation, or privileged follow-on actions to be surfaced when the user did not explicitly request them.

Vague Triggers

Medium
Confidence: 91%
Finding: The manifest description embeds broad trigger wording such as '搜索技能、匹配技能、推荐技能、缺失技能识别、动态扩展能力' ("search skills, match skills, recommend skills, identify missing skills, dynamically extend capabilities"), which increases the chance that orchestration or routing systems treat common user language as an invocation signal. Because this is a meta-skill for discovering and managing other skills, accidental routing is more dangerous than for an isolated content skill: it can alter planning behavior and expose management flows beyond user intent.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.
