Back to skill

Security audit

UniSkill V4

Security checks across malware telemetry and agentic risk

Overview

This is a local decision-analysis skill with broad auto-triggering and a risky manual release script, but no evidence of hidden data access, exfiltration, or automatic destructive behavior.

Install only if you are comfortable with keyword-based automatic activation and heuristic decision scoring. Review recommendations before acting on them, especially for CNC quoting or business decisions. Do not run the release script unless you are in the intended project directory and have checked that no secrets, private files, or unrelated artifacts would be included by git add .

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are very broad, such as common expressions like '帮我评估' and '哪个更好', which can match ordinary conversation and cause the skill to activate unintentionally. In an agent framework, overbroad auto-triggering can route unrelated user requests into this skill's logic, leading to incorrect handling, prompt hijacking of workflow, or unexpected access to downstream tools and decision paths.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script blindly initializes a Git repository, stages all files with `git add .`, and creates a commit without any warning, confirmation, or file filtering. This can unintentionally capture secrets, local artifacts, configuration files, or unrelated workspace contents and permanently record them in Git history, which is especially risky in a release-publishing context.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The gateway can automatically route CNC-related input into a quotation/execution-preparation path and returns a recommendation that the request is ready for pricing, without explicit user confirmation or a disclosure that workflow routing has occurred. In an agent context, silent transitions from analysis into operational or quasi-transactional handling can mislead users and increase the risk of unintended business actions, especially if downstream components later automate quoting or fulfillment.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.