
Security audit

Skill Guidance

Security checks across malware telemetry and agentic risk

Overview

This skill is a planning/audit helper that reads a target skill repository and writes audit handoff files, with no evidence of hidden credential access, exfiltration, or destructive behavior.

Install this if you want a skill-audit planner that will read the target repository and leave .skill-guidance JSON outputs beside it. Review or redirect those generated files if you do not want audit artifacts committed, and be aware that comparable-skill research may use local KB tooling to fetch public references into /tmp.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The description uses broad activation language such as 'use when asked if a skill is good/industrial-grade' and when 'pointed at a SKILL.md before build,' which can match common review or planning requests beyond a tightly scoped trigger. That increases the chance of accidental invocation on unrelated repositories or user prompts, especially because the skill then performs analysis and may write artifacts into the target workspace.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill writes `.skill-guidance/clarifying-questions.json` and `.skill-guidance/handoff-spec.json` into the target repository, but the user-facing description does not clearly warn that files will be created or modified. This can lead to unexpected workspace changes, pollute repositories, and in automated pipelines create persistent artifacts without explicit user consent.

Vague Triggers

Medium
Confidence: 89%
Finding
The example handoff spec includes very broad observed trigger phrases such as natural-language requests that could easily match ordinary user conversation. In a skill-routing context, overbroad triggers can cause unintended activation of this meta-skill, leading to misrouting, unnecessary disclosure of repository context, or accidental planning/auditing behavior when the user intended something else.

VirusTotal

64/64 vendors flagged this skill as clean.