Back to skill

Security audit

Automation Workflow

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad automation template for scraping, social posting, and customer support, but it does not clearly bound account access, customer data use, approvals, or stop controls.

Install only if you will keep it tightly scoped. Define the exact websites, social accounts, support channels, knowledge sources, and customer data it may use; require human approval before public posts or customer-facing replies; avoid always-on scheduling until there are visible logs, pause/stop controls, and escalation rules. Treat its enterprise control claims as unverified because the artifacts do not implement RBAC, audit logging, or compliance controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises website scraping, social media automation, and customer support handling without warning about consent, terms-of-service compliance, privacy, account authority, or review controls. In an enterprise automation context, this can lead users to deploy workflows that collect personal data, post on official accounts, or send customer responses without adequate safeguards, creating privacy, integrity, and compliance risk.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The template describes automated handling of customer support requests across email, web chat, and social media without warning users that responses may be machine-generated or that incorrect routing/answers can occur. In a customer-support context, this can mislead operators into deploying automation without adequate disclosure, escalation safeguards, or review, increasing the risk of inaccurate responses and mishandling of customer issues.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The template explicitly describes automated posting, monitoring of brand mentions, and automatic replies on an external social media account, but it provides no warning about account actions, rate limits, mistaken posts, privacy implications, or the risk of replying to real users without review. In an enterprise automation skill, this can cause unauthorized or unintended public actions and collection/processing of user interaction data, making the omission materially risky rather than merely stylistic.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal