Question Explanation

Security checks across malware telemetry and agentic risk

Overview

This skill is a focused question-explanation helper that creates local HTML tutorial files, with no evidence of hidden access, credential use, networking, persistence, or malicious behavior.

Install this if you want question explanations delivered as standalone HTML files. To avoid accidental overwrites, ask the agent to save outputs with a unique filename or in a dedicated output folder, and only open generated HTML from question content you trust enough to render locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs the agent to create or overwrite a real `.html` file and send it to the user, but it provides no confirmation step, safe filename constraints, or limits on where files may be written. In an agent environment with filesystem access, this can cause unintended file modification or overwrite of existing artifacts, especially if a filename is derived from user content or defaults to a shared working path.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal