
Security audit

Swarm Coord

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only multi-agent coordination skill whose risks are mostly about user control, broad activation, and shared task context rather than hidden or malicious behavior.

Install this only if you actually need multi-agent orchestration. Review the proposed subtask plan before anything executes; require confirmation for any messages, document edits, commits, or pushes; give each child agent only the credentials and context its subtask needs; and disable or avoid memory and task-state persistence for sensitive work.
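The following is an added example, not code from the Swarm Coord skill or from the SkillSpector report, showing how an orchestrator can enforce the recommendations above on a proposed subtask plan before any child agent is spawned. Action names, credential names, and the sample plan are hypothetical and constructed for illustration; they mirror the kinds of actions (Feishu writes, README commit and push, group notifications) that the findings below describe.

```python
from dataclasses import dataclass

# Actions that change external state; each needs an explicit per-subtask confirmation.
SIDE_EFFECTING = {"send_message", "notify_group", "write_document", "git_commit", "git_push"}

# Allowlist of actions and the credentials each one legitimately needs.
# Action and credential names are hypothetical, not the skill's own.
REQUIRED_CREDS = {
    "summarize":      set(),
    "write_document": {"docs_token"},
    "git_commit":     set(),
    "git_push":       {"git_token"},
    "send_message":   {"chat_token"},
    "notify_group":   {"chat_token"},
}


@dataclass(frozen=True)
class Subtask:
    name: str
    action: str
    target: str


def review_plan(plan, confirmed, available_creds, sensitive=False):
    """Gate a proposed subtask plan before any child agent is spawned.

    plan            -- Subtasks proposed by the coordinator
    confirmed       -- names of subtasks the user has explicitly approved
    available_creds -- credentials held by the parent session
    sensitive       -- when True, task-state/memory persistence is disabled

    Returns which subtasks may run now, which are held for confirmation,
    which are blocked (with a reason), the least-privilege credential set
    handed to each runnable child, and whether persistence is permitted.
    """
    result = {"run": [], "hold": [], "block": [], "creds": {}, "persist": not sensitive}
    for task in plan:
        needed = REQUIRED_CREDS.get(task.action)
        if needed is None:
            # Anything outside the allowlist never runs, confirmed or not.
            result["block"].append((task.name, f"action not allowlisted: {task.action}"))
            continue
        missing = needed - set(available_creds)
        if missing:
            result["block"].append((task.name, f"missing credentials: {sorted(missing)}"))
            continue
        if task.action in SIDE_EFFECTING and task.name not in confirmed:
            # External, state-changing action without user confirmation: hold it.
            result["hold"].append(task.name)
            continue
        result["run"].append(task.name)
        # Least privilege: the child receives only the credentials its action needs.
        result["creds"][task.name] = {k: available_creds[k] for k in needed}
    return result


# Constructed sample plan mirroring the kinds of actions named in the findings.
SAMPLE_PLAN = [
    Subtask("notes",    "summarize",      "meeting transcript"),
    Subtask("feishu",   "write_document", "Feishu doc: weekly sync"),
    Subtask("readme",   "git_commit",     "README.md"),
    Subtask("push",     "git_push",       "origin/main"),
    Subtask("announce", "notify_group",   "team chat"),
    Subtask("upload",   "upload_file",    "external host"),  # not allowlisted
]

# Constructed credential set; there is deliberately no git_token.
SAMPLE_CREDS = {"chat_token": "chat-REDACTED", "docs_token": "docs-REDACTED"}


if __name__ == "__main__":
    first = review_plan(SAMPLE_PLAN, confirmed=set(), available_creds=SAMPLE_CREDS, sensitive=True)
    print("run:    ", first["run"])      # only the read-only summary
    print("hold:   ", first["hold"])     # feishu, readme, announce await confirmation
    print("block:  ", first["block"])    # push (no git_token), upload (not allowlisted)
    print("persist:", first["persist"])
    second = review_plan(SAMPLE_PLAN, {"feishu", "announce"}, SAMPLE_CREDS)
    print("creds handed out:", second["creds"])
```

The gate fails closed in three ways worth keeping separate: an action outside the allowlist is blocked even if the user confirmed it, a side-effecting action is held until its specific subtask name is confirmed (a blanket "yes" to the plan does not count), and a child agent is handed only the credentials its own action requires, so a summarisation subtask never sees the chat or docs tokens.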

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium. Confidence: 93%.
The trigger phrases are broad, generic terms such as '协作' (collaborate), '分工' (division of labor), 'swarm', and 'team work' that can easily appear in ordinary conversation. In a skill that can spawn multiple agent sessions and coordinate downstream actions, accidental activation can cause unintended task decomposition and execution, especially if paired with side-effecting sub-agents.
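To make the false-activation risk concrete, here is an added example (not part of the skill or the report) that measures how often the four trigger phrases quoted above fire on constructed everyday utterances, alongside a hypothetical narrower rule that requires either an explicit slash command or at least two distinct signals that the user wants work decomposed. The sample sentences, the `/swarm` command form, and the signal list are assumptions for illustration.

```python
import re

# Trigger phrases the report quotes for this skill.
# 协作 = collaborate, 分工 = division of labor.
BROAD_TRIGGERS = ["协作", "分工", "swarm", "team work"]

# Constructed utterances; none of them asks for multi-agent orchestration.
ORDINARY = [
    "Thanks for the great team work on the release!",
    "A swarm of bees settled on the garage roof.",
    "我们需要明确一下分工。",  # "We need to clarify the division of labor."
    "Can you collaborate with QA on the test plan?",
    "What is the capital of France?",
]

# Constructed utterances that genuinely ask for decomposition into parallel agents.
INTENDED = [
    "Split this migration into parallel subtasks and run them with child agents.",
    "/swarm decompose: audit the repo, then draft the report",
]


def broad_match(text):
    """Activation rule as the report describes it: any listed phrase, anywhere."""
    lowered = text.lower()
    return any(phrase in lowered for phrase in BROAD_TRIGGERS)


# Hypothetical narrower rule: an explicit slash command, or at least two
# distinct structural signals that the user wants the work decomposed.
SIGNALS = re.compile(r"\b(parallel|sub-?tasks?|child agents?|decompos\w*)\b", re.IGNORECASE)


def strict_match(text):
    if text.startswith("/swarm"):
        return True
    found = {m.group(0).lower() for m in SIGNALS.finditer(text)}
    return len(found) >= 2


def activation_rate(matcher, samples):
    """Fraction of samples on which the matcher would activate the skill."""
    return sum(1 for s in samples if matcher(s)) / len(samples)


if __name__ == "__main__":
    for name, matcher in (("broad", broad_match), ("strict", strict_match)):
        print(f"{name:6} activation on ordinary chat:      {activation_rate(matcher, ORDINARY):.2f}")
        print(f"{name:6} activation on intended requests: {activation_rate(matcher, INTENDED):.2f}")
```

On this constructed sample the broad rule activates on three of five ordinary sentences and, because it keys on vocabulary rather than intent, misses the one intended request that does not happen to contain the word 'swarm'; the narrower rule activates on neither ordinary sentence and on both intended requests. The numbers are specific to the sample, but the shape of the result is the point of the finding: keyword triggers over-fire and under-fire at the same time.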

Vague Triggers

Severity: Medium. Confidence: 90%.
The README says complex tasks can 'automatically trigger' the skill, but does not define reliable boundaries for when that happens. Because this skill orchestrates parallel agents and may delegate actions outward, ambiguous auto-activation increases the risk of surprising execution and unintended propagation of user requests to multiple sessions.

Missing User Warnings

Severity: Medium. Confidence: 95%.
The examples include writing to Feishu documents, updating GitHub README with commit and push, and sending group notifications, but the README does not prominently warn that these are external, state-changing actions. In a multi-agent orchestration context, this is more dangerous because one high-level request can fan out into several independent writes or messages, amplifying accidental or unauthorized impact.

Vague Triggers

Severity: Medium. Confidence: 89%.
The trigger words and description are broad enough that ordinary requests about collaboration, teamwork, or parallel work could invoke the skill unintentionally. Because this skill can spawn multiple sessions and coordinate impactful downstream actions, accidental activation increases the chance of unnecessary task delegation, context spread, and unintended execution scope.

Vague Triggers

Severity: Medium. Confidence: 91%.
The invocation rules allow discretionary activation whenever the skill's 'CEO' role judges a task suitable for decomposition, with no objective boundaries. This makes the skill easier to activate in ambiguous situations and may cause it to take over workflows involving multiple agents, external actions, or broader data sharing than the user intended.

Missing User Warnings

Severity: Medium. Confidence: 94%.
The example output explicitly includes sending meeting notes to a chat group, updating and pushing documentation, and sending a report to an executive, but the skill does not require prominent user warning or confirmation for those external and repository-modifying actions. In a multi-agent setting, this is more dangerous because delegated subtasks can perform side effects quickly and in parallel, amplifying the impact of a mistaken or overbroad invocation.

Missing User Warnings

Severity: Low. Confidence: 81%.
The skill states that overall progress may be saved to '.task-state.json' and execution results may be recorded to memory or a diary, but it does not disclose what data is stored, for how long, or under what consent model. In a coordination skill that aggregates outputs from multiple agents, this can increase privacy risk by centralizing and persisting potentially sensitive task data beyond the immediate session.

VirusTotal

63/63 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.