Back to skill

Security audit

Rationality

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only reasoning skill, with some command and memory guidance that should stay user-approved but no hidden code or exfiltration behavior.

This skill is reasonable to install as a reasoning aid if you are comfortable with an opinionated decision framework. Keep command approval enabled, do not allow unsupervised git reset or broad shell probing, and only allow memory updates for reviewed, non-sensitive corrections you actually want retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The guidance explicitly instructs AI agents to use `exec` to probe the environment when tools fail, introducing shell/code-execution behavior into a generic reasoning pattern that does not otherwise justify such capability. This is dangerous because it can normalize unsafe environment inspection, bypass safer tool boundaries, and lead agents to execute commands in contexts where command execution is unnecessary or risky.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly recommends reverting with `git reset` as an immediate repair step, but provides no safeguard to distinguish safe reset modes, no warning about data loss, and no instruction to confirm with the user before discarding work. In an autonomous or semi-autonomous agent context, this can lead to destructive rollback of uncommitted changes or user data during routine error handling.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The instruction to update `memory/` when a user corrects the agent encourages persistent state modification without any constraints on what may be stored, validation of correctness, or user consent for persistence. This can cause accidental retention of sensitive, incorrect, or prompt-injected data that affects future behavior beyond the current session.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The markdown advises using `exec` without any warning about shell execution, side effects, privilege boundaries, or the need for user consent. In an agent skill, that omission can cause downstream agents to treat command execution as a routine debugging step, increasing the chance of unsafe commands, data exposure, or unintended system modification.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.