Back to skill

Security audit

Content Calendar

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward content-planning skill that creates calendars and ideas without evidence of hidden account access, posting, networking, or credential use.

Reasonable to install for content planning. Review generated calendars before publishing, and avoid placing sensitive unpublished business details in config files unless you are comfortable with the local agent processing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest description says the skill should be used for broad requests like "post ideas," "what should I post," and generally for content strategy "for any business or creator." These phrases are common in ordinary conversation and the file does not provide narrowing constraints or negative examples, which could cause unintended invocation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.