Advisor.Bak

Security checks across malware telemetry and agentic risk

Overview

The available evidence shows a broadly scoped advisory skill, but not hidden behavior, data access, persistence, or unsafe actions.

Before installing, treat this as a general-purpose perspective skill rather than a specialist advisor. Avoid relying on it for legal, medical, mental health, emergency, or regulated financial decisions unless the skill adds clear limits and escalation guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description is broad enough to match a wide range of ordinary advice-seeking requests, which can cause the agent to invoke this skill in situations outside its intended scope. Overbroad routing increases the chance of inappropriate handling of sensitive domains such as legal, medical, mental health, or other high-stakes decisions where stronger guardrails and specialized constraints are needed.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The 'When to Use' triggers are phrased in very general terms like needing a second opinion or objective perspective, which overlaps with many everyday and potentially sensitive user requests. Without scope limitations or counterexamples, the orchestration layer may invoke this skill for matters it is not equipped to handle, leading to unsafe or overconfident advice in high-impact contexts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal