Security audit

Skill Vetter Guide

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate security-vetting guide, but some of its prompt templates have the agent persistently change its own future behavior (a direct edit to AGENTS.md) or set up recurring audits (a cron job) without enough confirmation and rollback detail.

Use the checklists and report templates, but do not let an agent modify AGENTS.md or create a cron job from these prompts until you have reviewed the exact target path, diff, cron entry, output directory, execution context, and removal steps.
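The review steps above can be scripted so the user sees the exact diff, the exact cron line and the removal step before anything is written. The following is an added example, not code from the Skill Vetter Guide or from SkillSpector; the marker comment, the sample policy text, the command path `/usr/local/bin/skills-audit` and the output directory `/var/lib/skills-audit` are all assumed for illustration.

```python
"""Pre-flight review for the two persistent changes the vetter guide's
templates ask an agent to make: an AGENTS.md edit and a cron entry.

Added example, not code from the skill or the scanner. The marker, the
sample policy lines, the command path and the output directory are assumed.
"""
import difflib
import posixpath
import re
import shlex

# Assumed tag (the page's templates define none). Tagging the entry lets it be
# found later (crontab -l | grep managed-by) and removed without touching other jobs.
MARKER = "# managed-by: skills-audit"

# One crontab schedule field: *, n, n-m, optional /step, comma-separated lists.
_FIELD = re.compile(r"^(\*|\d+(-\d+)?)(/\d+)?(,(\*|\d+(-\d+)?)(/\d+)?)*$")


def agents_md_diff(before: str, after: str, path: str = "AGENTS.md") -> str:
    """Unified diff of the proposed policy-file edit, to show before any write."""
    return "".join(difflib.unified_diff(
        before.splitlines(keepends=True), after.splitlines(keepends=True),
        fromfile=f"a/{path}", tofile=f"b/{path}"))


def build_cron_entry(schedule: str, command: str, outdir: str, marker: str = MARKER) -> str:
    """Compose a tagged crontab line that appends to a timestamped file in outdir."""
    # cron treats a bare % as a newline, so the date format must escape it.
    logfile = f"{outdir}/audit-$(date +\\%Y\\%m\\%d-\\%H\\%M).md"
    return f"{schedule} {command} >> {logfile} 2>&1 {marker}"


def review_cron_entry(line: str, marker: str = MARKER) -> list:
    """Return the review problems with a crontab line; an empty list passes."""
    problems = []
    if marker not in line:
        problems.append("no marker comment: the entry cannot be located for removal")
    fields = line.split("#", 1)[0].split()
    if len(fields) < 6:
        return problems + ["expected five schedule fields followed by a command"]
    schedule, command = fields[:5], " ".join(fields[5:])
    bad = [f for f in schedule if not _FIELD.match(f)]
    if bad:
        problems.append(f"invalid schedule field(s): {bad}")
    try:
        argv = shlex.split(command)
    except ValueError:
        return problems + ["command has unbalanced quoting"]
    # Execution context: cron runs with a minimal PATH, cwd = home, no interactive env.
    if not argv[0].startswith("/"):
        problems.append("command is not an absolute path; cron's PATH is minimal")
    if posixpath.basename(argv[0]) in ("sudo", "su", "doas"):
        problems.append("entry escalates privilege; an audit should run as the user")
    redirect = [i for i, a in enumerate(argv) if a in (">>", ">")]
    if not redirect:
        problems.append("no output redirection: results go to cron mail or are lost")
    elif redirect[0] + 1 >= len(argv):
        problems.append("redirection has no target path")
    else:
        out = argv[redirect[0] + 1]
        if not out.startswith("/"):
            problems.append("output path is relative; cron's cwd is the home directory")
        elif posixpath.dirname(out) in ("/", "/tmp", "/var/tmp"):
            problems.append("output directory is shared or world-writable")
    return problems


def remove_marked_entries(crontab_text: str, marker: str = MARKER) -> str:
    """The rollback step: drop only the lines carrying the marker."""
    kept = [ln for ln in crontab_text.splitlines() if marker not in ln]
    return "".join(ln + "\n" for ln in kept)


if __name__ == "__main__":
    # Constructed sample inputs, not real files or a real crontab.
    before = "# Agent policy\n- Run tests before committing.\n"
    after = before + "- Vet every skill with the Skill Vetter Guide before installing it.\n"
    print(agents_md_diff(before, after))
    entry = build_cron_entry("0 */4 * * *", "/usr/local/bin/skills-audit", "/var/lib/skills-audit")
    print(entry)
    print(review_cron_entry(entry) or "entry passes review")
    print(remove_marked_entries("0 2 * * * /usr/bin/backup\n" + entry + "\n"), end="")
```

Run it to see the diff, the tagged cron line and the crontab with that line removed again; only after those three outputs have been read should the agent be allowed to write the file or install the entry. The checks encode the items from the overview: target path and diff (`agents_md_diff`), cron entry, output directory and execution context (`review_cron_entry`), and removal (`remove_marked_entries`).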

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Missing User Warnings (severity: Medium, confidence: 88%)

This template explicitly instructs the agent to write directly to AGENTS.md, which modifies persistent configuration and future agent behavior. Even though the purpose is security governance, prompting direct config edits without an explicit confirmation or warning can lead to unintended policy changes, persistence, or misuse if the template is reused in a different context.

Missing User Warnings (severity: Low, confidence: 71%)

The audit template directs the agent to write a timestamped markdown file locally without warning that a new file will be created. This is lower risk than config or persistence changes, but it still causes filesystem side effects that a user may not expect, especially in sensitive environments or read-only workflows.

Missing User Warnings (severity: High, confidence: 96%)

This template instructs creation of a cron job, which establishes persistent scheduled execution and modifies system behavior beyond the current session. Even though framed as automated security auditing, persistence mechanisms are security-sensitive and can be abused, especially if created without strong warnings, explicit consent, scope restrictions, and clear disclosure of what will run.

Missing User Warnings (severity: Medium, confidence: 93%)

This template explicitly instructs the agent to directly modify AGENTS.md, a persistent configuration/policy file, without requiring an explicit warning or fresh confirmation at the time of modification. Even though the user-facing purpose is security hardening, silent policy-file writes can create lasting behavioral changes, expand future automation, and normalize unsafe persistence patterns in downstream agent executions.

Missing User Warnings (severity: Low, confidence: 84%)

The template directs the agent to write audit results to timestamped markdown files without clearly warning that new local files will be created and retained. This is lower severity than policy-file modification, but it still causes persistent filesystem changes that may surprise users, leak sensitive audit metadata into disk artifacts, or clutter managed environments.

Missing User Warnings (severity: Medium, confidence: 96%)

This template requests creation of a recurring scheduled task plus ongoing audit output files without an explicit warning about persistent system changes. Scheduled tasks are especially sensitive because they establish durable autonomous execution, can consume resources indefinitely, and may continue operating beyond the user's immediate awareness if created too casually.

Session Persistence (category: Rogue Agent, severity: Medium, confidence: 95%)

Matched content, from the skill's "Set Up Automated Audit Cron" template:

```text
Please create a cron job that runs a skills security audit every 4 hours.

Requirements:
1. Run in an isolated session
```

Flagged text: "create a cron job that"

Session Persistence (category: Rogue Agent, severity: Medium, confidence: 84%)

Matched content, from the skill's template for adding a rule to the agent's configuration file:

```text
Requirements:
1. Tell me which file it should go in
2. Write it directly
3. Explain how this rule affects future skill installation tasks
4. Give me an example of what to say so the agent automatically vets before installing
```

Flagged text: "Write it directly" (the match runs from that line to the end of the template, immediately before the skill's "## Audit Installed Skills" section)

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.