Back to skill

Security audit

Capability Pipeline OS

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only planning framework, with broad activation language and tool-use examples that users should supervise for important actions.

Install only if you want a broad planning and task-orchestration framework. Treat it as a structuring aid, not blanket permission for the agent to act autonomously; require confirmation before edits, code execution, external submissions, transactions, deployments, or other irreversible steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list is extremely broad and includes generic planning and workflow terms like '工作流', '任务分解', and 'Pipeline', which can cause the skill to activate for many unrelated user requests. In an agent environment, this creates routing hijack risk: the skill may intercept general-purpose tasks and impose its own execution framework or instructions where the user did not intend to use it.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The skill metadata and visible instructions are written in Chinese and appear to direct operation in Chinese without offering language negotiation or preserving the user's chosen language. This can cause misalignment with user intent, reduce transparency of agent behavior, and make it harder for users or reviewers to understand what workflow rules are being applied.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger list is extremely broad and includes generic planning terms such as '工作流', '任务分解', and '执行框架', which can cause the skill to activate in many unrelated contexts. That increases the chance this skill hijacks ordinary user requests, injecting its own orchestration framework and tool-use behavior into sessions where the user did not intend to invoke it.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill explicitly endorses tool use for 'file read/write' and 'code execution' as internal implementation details while also saying such details may be hidden from the user. That combination is risky because it normalizes potentially state-changing operations without requiring explicit user consent, safety gating, scope limits, or visibility into system impact.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.