Cognitive Skill Factory

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed decision-framework bundle with an optional installer, and I found no hidden data access, exfiltration, or destructive behavior.

Safe to install as an advisory thinking-framework skill. Before running scripts/install-all.sh, review the additional skills it installs because they will persist in your agent environment. Also verify the license with the publisher before modifying, redistributing, or using it commercially because the artifacts conflict between MIT and proprietary terms.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The manifest description uses broad promotional language about decision-making and top-tier thinkers without defining concrete activation boundaries, allowed tasks, or disallowed domains. In an agent setting, vague scope increases the chance of over-invocation and users applying the skill to sensitive decisions beyond its intended competence, which can lead to unsafe or misleading guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal