opus

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for choosing Claude model tiers, with disclosed cost and quality tradeoffs and no evidence of hidden execution, credential access, persistence, or data exfiltration.

Install this only if you want your agent to follow these Claude model-routing preferences. Review the broad escalation rules because they may increase use of Sonnet or Opus, raising cost and sending more context to higher-tier models; also confirm that the package named 'opus' is the intended smart-model-switching skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 89%
Finding
The routing criteria are intentionally broad enough to capture many normal interactions, including 'most user conversations' and any task needing more than 30 seconds of thought. In an agentic environment, this can cause systematic misrouting to more capable or expensive models, increasing attack surface, cost, and the chance that sensitive or policy-relevant tasks are handled by the wrong execution tier.

VirusTotal

64/64 vendors flagged this skill as clean.
