Skill Runner

Security checks across malware telemetry and agentic risk

Overview

This skill intentionally runs other installed skills from cron-style messages, but it does so with broad delegated authority and weak scoping controls.

Install only if you intentionally need a scheduled launcher for other skills. Before use, restrict which skills it can run, validate target names and paths, review every cron job that invokes it, and assume the selected target skill receives the runner's available tools and session context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly acts as a dispatcher that can run other skills based on message content, including cron-triggered agentTurn payloads, but the description does not clearly warn operators that it is effectively an indirect code-execution surface over any reachable skill. In this context, that omission is security-relevant because users may schedule or invoke it assuming it is a narrow helper, while it actually expands the attack surface to any target skill and passes along a privileged context object.

VirusTotal

66/66 vendors flagged this skill as clean.
