HZL
Security checks across malware telemetry and agentic risk
Overview
HZL is a disclosed task-ledger skill that installs an external CLI and persists task data, with its higher-risk operations clearly documented.
Install this only if you trust the HZL CLI package from Homebrew or npm. Avoid putting secrets in tasks or checkpoints, scope shared projects carefully, and use force/prune deletion commands only when you intentionally want to delete HZL data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.