Back to skill

Security audit

Skill Creator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent skill-authoring helper whose local file creation and packaging behavior matches its stated purpose.

Install this only if you want Codex to help author and package AgentSkills. Run it on intended skill directories, review SKILL.md changes before installing or sharing them, and inspect packaged .skill archives so private or unrelated files are not bundled accidentally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
79% confidence
Finding
The skill explicitly instructs the agent to run local scripts that create, validate, and package files, but it does not declare permissions or clearly scope those capabilities. That creates a least-privilege gap: an agent may perform file writes and shell execution in contexts where the user only intended advisory review, increasing the chance of unintended filesystem modification or command execution.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The frontmatter describes a broad skill for creating, editing, improving, reviewing, and auditing skills, but the body includes operational behaviors such as initializing directories, generating resources, validating, and packaging archives. This mismatch is dangerous because it can trigger the skill for benign editing requests while authorizing materially more powerful actions than the user likely expects.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description uses very broad trigger phrases like 'improve this skill', 'review the skill', and 'clean up the skill', which can match ordinary editing or review requests. In context, this overbroad triggering is more dangerous because the skill also contains instructions for filesystem changes and packaging, so it may activate in situations where only passive analysis was intended.

Self-Modification

High
Category
Rogue Agent
Content
1. Understand the skill with concrete examples
2. Plan reusable skill contents (scripts, references, assets)
3. Initialize the skill (run init_skill.py)
4. Edit the skill (implement resources and write SKILL.md)
5. Package the skill (run package_skill.py)
6. Iterate based on real usage
Confidence
88% confidence
Finding
write SKILL

Self-Modification

High
Category
Rogue Agent
Content
If you used `--examples`, delete any placeholder files that are not needed for the skill. Only create resource directories that are actually required.

#### Update SKILL.md

**Writing Guidelines:** Always use imperative/infinitive form.
Confidence
88% confidence
Finding
Update SKILL

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.