Idea Darwin 中文版

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed idea-iteration skill that reads and writes local project idea files for its stated purpose, with no executable code, network access, or credential use.

Install this if you want an agent-managed local idea workflow. Use it in a dedicated project folder, review generated cards and reports before relying on them, and be aware that broad idea-ranking or idea-iteration requests may cause the skill to read and update local idea project files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 94% confidence
Finding: The skill explicitly instructs automatic triggering for any task involving structured ideas, scoring, ranking, or iterative brainstorming, which is broader than a narrowly scoped command trigger. This can cause inappropriate activation on ordinary brainstorming or note-organization tasks, leading the agent to override user intent, apply unnecessary file operations, and expose unrelated workspace content to the skill’s workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal