contract-review-pro
Security checks across malware telemetry and agentic risk
Overview
This is a Chinese contract-review prompt skill with no executable code, credential use, background behavior, or hidden data access.
Install only if you are comfortable sharing contract text with your agent environment. Treat the review as advisory rather than legal advice, consult a qualified lawyer for important agreements, and verify the publisher and payment details before paying.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.