Security audit

operations-engineer

Security checks across malware telemetry and agentic risk

Overview

This is a simple operations-advice skill with no executable code, hidden install behavior, credential handling, persistence, or automatic system access.

Install if you want general operations-engineering advice. Treat any production troubleshooting, backup, recovery, or optimization steps as guidance to review before applying in a real environment, especially when changes could affect availability or data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger condition is very broad, covering nearly any system operations, monitoring, troubleshooting, optimization, backup, recovery, or security question. This can cause the skill to activate in many unrelated or only partially related contexts, increasing the chance of unintended privilege, misleading operational guidance, or unsafe automation being surfaced when a more specific skill or general assistant behavior would be appropriate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.