Back to skill

Security audit

Nika Skill Creator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward Nika skill document generator and validator, with disclosed local file-writing behavior and no hidden credential or network activity.

Install this if you want a Chinese-language helper for creating Nika skill documents. Run the included Python scripts only in the repository where you want files created, review generated documents before using them, and avoid --force unless you intentionally want existing files replaced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow says the default behavior is to generate or update files in the repository, but it does not require explicit user confirmation immediately before making those changes. In an agent setting, silent or assumed write behavior can lead to unauthorized modifications, accidental overwrites, or persistence of unsafe content.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The referenced specification is entirely in Chinese and does not state that the skill operates in Chinese or that the user has opted into that language. This can cause users or downstream agents to misunderstand required constraints, produce incorrect skills, or miss security-relevant rules because the operative instructions are not accessible to the expected audience.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.