Just Keep Working

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed coding-workflow helper that encourages steady progress, with broad autonomy users should understand but no evidence of hidden data theft or malware.

Install this only if you want your agent to be more autonomous during coding tasks. Review its behavior on ambiguous decisions, and keep normal safeguards enabled for destructive actions, large refactors, sensitive repositories, or changes that are hard to reverse.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 97% confidence
Finding: The skill declares itself applicable to essentially any request involving code changes, fixes, refactors, or project tasks, which makes it likely to auto-activate in routine development contexts without clear user opt-in. Broad trigger scopes are dangerous because they can override narrower, safer workflows and push the agent into high-autonomy behavior on common requests where confirmation, bounded scope, or human choice should be preserved.

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The instruction to proceed with the model's recommendation if the user does not respond removes meaningful user control at exactly the point where the skill admits ambiguity exists. In security-sensitive or high-impact coding tasks, silence should not be treated as consent, because it can lead the agent to make irreversible or misaligned decisions without authorization.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal