梳理功能点

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only code documentation skill that reads user-selected source code and produces structured implementation notes, with no hidden execution or credential use.

Install only if you are comfortable letting the agent read related files from the entry point you provide and include implementation details or code snippets in the response or requested Markdown document. Use caution on proprietary or sensitive repositories.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description is broadly scoped to many ordinary code-understanding tasks, which can cause over-triggering and unintended invocation outside a narrowly defined use case. In an agent system, this increases the chance the skill is selected for unrelated requests, causing excessive workspace traversal, unnecessary code exposure, or unexpected behavior during analysis.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill content mandates Chinese output and formatting without giving the user a language choice or documenting a hard locale requirement. This can cause unsafe misunderstandings, reduce operator visibility in mixed-language environments, and make security review or downstream human validation less reliable when users expect another language.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal