Anti-Hallucination

Security checks across malware telemetry and agentic risk

Overview

This is a safety-oriented, instruction-only skill that asks the agent to verify claims and log mistakes, with no hidden code or credential use found.

Install this if you want stricter factual self-checking. Keep normal tool approval controls on, and configure or review the memory logging location so sensitive user data, private file contents, or confidential project details are redacted or not retained.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings (severity: Low, confidence: 89%)

The skill instructs the agent to write hallucination corrections to a persistent memory file, but it does not warn that this creates durable storage of session content. In practice, claims, errors, and contextual details could contain sensitive user data or internal state, so silent persistence creates a privacy and data-retention risk even if the logging goal is safety-oriented.

Missing User Warnings (severity: Low, confidence: 90%)

The metrics section directs the agent to maintain a persistent hallucination log without warning that session activity and derived metadata will be stored over time. Even aggregate metrics can reveal behavior patterns, user interactions, or operational history, so this is a real but low-severity privacy/governance issue.
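The two controls the overview recommends against both findings (redact session content before it is persisted, and keep the metrics log free of content) are sketched below as an added example. This is illustrative code written for this page, not the skill's own memory-logging instructions or any SkillSpector code; the regex rules, the JSONL layout, the category names and the sample claims are all assumptions constructed here.

```python
"""Privacy-preserving hallucination log (added example, not the skill's code).

Shows the two mitigations the assessment recommends: scrub sensitive content
before it reaches the persistent memory file, and compute metrics from a
category field so the metrics path stores no session content at all.
All patterns, paths and sample entries are constructed for illustration.
"""
import json
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Heuristic redaction rules (assumed for this example; tune for real data).
# Order matters: an env-style assignment is scrubbed whole before the bare
# key pattern gets a chance to leave the variable name behind.
REDACTION_RULES = [
    ("ENV_ASSIGNMENT", re.compile(r"\b[A-Z][A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)\s*=\s*\S+")),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")),
    ("API_KEY", re.compile(r"\b(?:sk|ghp|AKIA)[A-Za-z0-9_-]{16,}\b")),
    ("ABS_PATH", re.compile(r"(?:/[\w.-]+){2,}")),
]


def redact(text: str) -> str:
    """Replace each sensitive match with a tagged placeholder so the log keeps
    its structure but none of the original content."""
    for tag, pattern in REDACTION_RULES:
        text = pattern.sub(f"[REDACTED:{tag}]", text)
    return text


def aggregate(lines) -> dict:
    """Count log entries per category; reads only the category field."""
    counts: dict = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        cat = json.loads(line)["category"]
        counts[cat] = counts.get(cat, 0) + 1
    return counts


@dataclass
class HallucinationLog:
    """Append-only JSONL log. By default only the correction category is
    stored; claim/correction text is written only if explicitly enabled,
    and then only after redaction."""
    path: Path
    retain_content: bool = False

    def record(self, claim: str, correction: str, category: str) -> dict:
        entry = {"category": category}
        if self.retain_content:
            entry["claim"] = redact(claim)
            entry["correction"] = redact(correction)
        with self.path.open("a", encoding="utf-8") as fh:
            fh.write(json.dumps(entry) + "\n")
        return entry

    def metrics(self) -> dict:
        if not self.path.exists():
            return {}
        with self.path.open(encoding="utf-8") as fh:
            return aggregate(fh)


def run_demo(retain_content: bool = True) -> dict:
    """Write two constructed corrections to a temporary log and return what
    was stored plus the aggregate metrics (the sample claims are made up)."""
    log_path = Path(tempfile.mkdtemp()) / "hallucination_log.jsonl"
    log = HallucinationLog(log_path, retain_content=retain_content)
    stored = [
        log.record(
            claim="The config at /home/alice/proj/.env sets OPENAI_API_KEY=sk-abcdefghijklmnopqrstuv",
            correction="No such file was read this session; the key was never loaded.",
            category="fabricated_file_content",
        ),
        log.record(
            claim="Emailed bob@example.com about the ticket.",
            correction="No email tool was invoked.",
            category="fabricated_action",
        ),
    ]
    return {"stored": stored, "metrics": log.metrics(), "path": str(log_path)}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The default `retain_content=False` is the conservative setting: the memory file then holds only categories, which is enough for the skill's metrics and addresses the second finding directly. Enabling content retention keeps the redaction pass in the write path, which addresses the first finding; the regexes are deliberately coarse, since a missed secret is worse than an over-redacted claim in a file that outlives the session.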

VirusTotal

VirusTotal findings are pending for this skill version.