Back to skill

Security audit

spec steering workflow

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local workflow helper that creates and updates task-state files for long-running work, with no evidence of credential access, exfiltration, or destructive behavior outside its stated scope.

Install this only if you want the agent to keep task state in your workspace. Expect it to create or update specs/active, specs/archive, and steering files during long tasks; review those files if you do not want persistent planning or handoff notes kept in the project.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to read and write workspace files (`specs/...`, `steering/...`) and to invoke a local script, but it declares no permissions or user-facing notice about those capabilities. This creates a transparency and consent problem: users or calling systems may treat the skill as non-mutating when it can persist state and modify the workspace.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow directs persistent writes such as checkpoints, handoff updates, and metadata updates, but it does not warn the user that running the skill will modify the workspace. In a multi-session stateful workflow, silent persistence can overwrite existing project files, create confusion about agent actions, and violate user expectations about when disk changes occur.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill enables implicit invocation globally but defines no trigger constraints, exclusions, or scoping rules. That increases the chance the agent will auto-apply this workflow in unrelated contexts, causing unintended file creation, checkpointing, or state-carrying behavior across tasks and sessions, which can affect privacy, integrity, and user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.