Back to skill

Security audit

Human Activity Domains

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it is a very broad meta-skill that can steer an agent into sensitive operational workflows beyond a simple taxonomy lookup.

Install only if you intend to use a broad human-activity workflow meta-skill, not just a taxonomy lookup tool. Prefer read-only use, and require explicit human approval and qualified review before applying its financial, medical, HR, security-testing, database, legal, or destructive-data workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (157)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
清单描述该技能应围绕“人类活动领域”分类体系、36个大域与108个母域的领域定位/分类能力展开,但本文件通篇描述的是人才培养中的技能评估、训练、认证与职业发展流程要求。文件内容与技能宣称的领域分类能力在主题和功能上均明显不一致,属于显著的描述-行为(文档内容)不匹配。

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This file materially diverges from the skill’s declared purpose: instead of supporting a 6×6 human-activity classification system, it provides a fintech exemplar library and a sample-driven imitation workflow. Such scope drift is dangerous because it can cause the agent to load and use unrelated instructions and content-generation patterns, undermining user trust, bypassing expected guardrails, and enabling unintended behavior through mismatched references.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The file’s behavior is materially inconsistent with the skill’s declared purpose: instead of human-activity domain classification, it defines a data-analysis exemplar library and a sample-imitation workflow. This kind of scope mismatch is dangerous because it can cause an agent to load and apply unrelated instructions, including user-supplied exemplar content, leading to unintended capability expansion, prompt-surface growth, and misuse of the skill outside its advertised trust boundary.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The file content materially diverges from the skill manifest: instead of a 6×6 human-activity domain classification system, it defines a generic data-analysis workflow. This scope drift can mislead downstream agents or users into invoking broader data-processing behavior than advertised, increasing the chance of unauthorized collection, transformation, or analysis of data under a mislabeled skill.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The inclusion of machine learning and data mining expands the skill's operational capability beyond its declared classification purpose. Undisclosed capability expansion is dangerous because it can enable sensitive inference, profiling, or unexpected automated decision support without users understanding that the skill performs advanced analysis.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file’s content defines concrete forex trading operations, risk handling, compliance, and account preparation workflows, which materially exceed the skill’s declared purpose of domain classification/taxonomy. This scope drift is dangerous because a caller may invoke the skill expecting passive categorization while actually enabling high-risk financial decision support or operational trading behavior.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill introduces account setup, funding, permissions, order management, position management, and execution-related capabilities that are not justified by a taxonomy-oriented manifest. In practice, this could facilitate unauthorized or unexpected financial actions, especially if downstream agents trust the manifest and grant the skill broader access than intended.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file materially exceeds the stated scope of a domain-classification skill and instead specifies operational mental-health assessment, counseling, therapy, and crisis-intervention workflows. This scope drift is dangerous because it can cause an agent intended for taxonomy/classification to perform regulated, high-risk health actions without appropriate safety controls, clinical qualification checks, or escalation boundaries.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The documented capability includes diagnosis, treatment planning, therapeutic intervention, and crisis handling, none of which are justified by the skill's declared purpose of human-activity domain classification. In practice, this can enable unsafe medical or quasi-medical behavior by an agent operating under misleading metadata, increasing the risk of inappropriate advice, delayed emergency referral, and harm in acute mental-health situations.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The file content materially diverges from the manifest’s claimed capability: instead of a human-activity domain classification system, it provides detailed equipment maintenance task-generation requirements. This kind of scope mismatch is dangerous because it can bypass user and platform expectations, causing an agent selected for seemingly low-risk taxonomy/classification work to produce operational maintenance guidance with real-world safety implications.

Description-Behavior Mismatch

High
Confidence
90% confidence
Finding
The file’s content is materially outside the stated scope of a human-activity domain classification skill and instead prescribes detailed IT operations and security-management workflows. In an agent setting, this scope drift can cause the skill to be invoked for unintended operational or security tasks, expanding capability beyond declared intent and increasing the risk of misuse, unsafe automation, or policy bypass through mislabeled functionality.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file’s content is materially unrelated to the declared skill purpose of human-activity domain classification and instead specifies end-to-end database administration workflows. This kind of capability mismatch expands the effective privilege and operational scope of the skill, creating a pathway for unintended database actions that users and reviewers would not expect from a taxonomy/classification skill.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The document grants capabilities spanning deployment, backup/restore, access control, encryption, auditing, and vulnerability management, none of which are justified by the stated classification-only purpose. In context, this is especially dangerous because the mismatch can conceal powerful infrastructure and security-management behavior behind an innocuous manifest, increasing the chance of misuse, overbroad access, or deceptive capability packaging.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest describes this skill as providing a comprehensive human-activity domain classification system and domain-location capability based on a 6×6 matrix and 108 parent domains. This file instead specifies operational task requirements for carbon accounting, reduction, trading, and neutrality management, which is a distinct business-domain workflow artifact rather than classification logic.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file content describes a candidate background-check workflow, while the skill manifest claims the skill is a human-activity domain classification taxonomy. This scope mismatch is dangerous because it can cause the agent to invoke sensitive investigative and risk-scoring behaviors under a misleading, seemingly harmless label, bypassing user expectations, review controls, or policy gating tied to the declared capability.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file content does not match the skill's declared purpose in the manifest: instead of a human-activity-domain classification system, it contains a quality-inspection exemplar index and instructions for collecting and imitating user-provided samples. This mismatch is dangerous because agents or users may invoke the skill under false assumptions, causing unintended data handling, prompt-scope expansion, or policy bypass through irrelevant but operationally active content.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The manifest describes a skill for exhaustive classification of human activity domains using a 6×6 matrix and domain indexing. This file instead specifies a full data-audit process, including audit planning, implementation, risk assessment, compliance checks, reporting, and remediation tracking, which is a different operational purpose.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file content is materially inconsistent with the declared skill purpose: instead of a 6×6 human-activity domain taxonomy, it provides an operational information-security audit workflow including vulnerability scanning and penetration testing steps. In an agent-skill context, this kind of semantic mismatch is dangerous because routing, retrieval, or downstream automation may invoke the skill under benign classification-related prompts but expose or operationalize security-audit procedures outside the intended scope.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file is materially inconsistent with the declared skill purpose: instead of a human-activity classification taxonomy, it contains operational requirements for information security review activities. This kind of scope mismatch is dangerous because it can cause the agent to invoke or assemble security-audit, vulnerability-scanning, or penetration-testing workflows under an unrelated skill identity, bypassing user expectations and reducing oversight.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The file content defines an intellectual-property audit workflow, which does not match the declared skill purpose of human-activity domain classification. This capability mismatch can mislead orchestrators or users into invoking the skill for one purpose while it performs another, increasing the risk of unauthorized processing of sensitive legal or business materials and undermining trust and policy enforcement.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The file content materially deviates from the declared skill purpose: instead of a human-activity domain classification system, it provides executable-style internal audit workflow requirements. This mismatch can cause an agent to activate the wrong capability, generate sensitive audit guidance unexpectedly, or bypass governance controls that rely on accurate skill metadata and scope declarations.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file’s content is an external audit workflow specification, which materially differs from the advertised skill purpose of human-activity domain classification. This capability mismatch can cause the agent to invoke the skill in unintended contexts, leading to unauthorized handling of financial/audit tasks, misrouting of sensitive user requests, and erosion of trust in skill boundaries.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The file content materially deviates from the skill’s declared purpose. Instead of supporting a human-activity domain classification/indexing system, it defines a full energy-audit workflow and reporting requirements, which can cause the agent to invoke or prioritize unrelated operational behavior outside the advertised scope. In an agent skill ecosystem, this kind of scope mismatch is dangerous because it enables capability smuggling, weakens user/admin trust boundaries, and may lead to unintended handling of audit-related data or actions.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file’s content is materially inconsistent with the declared skill purpose: instead of domain classification/taxonomy support, it specifies end-to-end personnel elimination and offboarding workflows. This capability expansion is dangerous because it can cause an agent selected for a benign classification task to generate or operationalize sensitive HR termination processes without appropriate disclosure, governance, or user expectation.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The document encodes concrete employee termination capabilities such as evaluation, decision-making, communication, settlement, compliance, and records handling, which go far beyond a taxonomy/classification tool’s stated purpose. In context, this hidden functional scope increases the risk of misuse for sensitive employment actions, including unfair or noncompliant termination support, while bypassing the scrutiny that a dedicated HR/legal workflow skill should receive.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.