Back to skill

Security audit

Low Token Usage

Security checks across malware telemetry and agentic risk

Overview

This is a text-only token-saving skill that changes response verbosity, with some transparency caveats but no code, data access, or install-time execution.

Install only if you want shorter agent replies. For sensitive or state-changing work, explicitly keep the mode low or ask the agent to provide confirmations and summaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to skip confirmation messages in medium mode, which reduces user visibility into what actions were taken. In an agentic environment, suppressing confirmations can hide unintended or risky operations, making misuse, mistakes, or policy violations harder to detect and correct.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The auto-detection criteria for escalating modes are vague and broad, such as 'user mentions token limits' or 'end of week / quota period,' which can trigger compressed behavior without clear user intent. This increases the chance that the agent will silently switch into a less transparent operating mode during important tasks, weakening oversight and potentially bypassing expected interaction safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.