Locale Dates

Security checks across malware telemetry and agentic risk

Overview

The only reported issue is a hardcoded Europe/Oslo time-display rule, which is a usability and accuracy risk but not evidence of malicious behavior.

Install only if an Europe/Oslo default matches your intended use. For logs, audits, incidents, schedules, or deadlines, ask the agent to preserve the original timezone and label any conversion clearly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

High

Confidence: 81% confidence
Finding: The skill instructs the agent to ALWAYS convert presented times to Europe/Oslo, which can cause systematic misrepresentation of timestamps for users in other locales. In contexts involving logs, audits, deadlines, incident response, or security events, showing the wrong local time can mislead operators and cause incorrect decisions or missed actions.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal