Ai Competitor Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a sparse competitor-analysis skill with vague marketing copy, but it contains no executable code or requests for sensitive access.

Install only if you are comfortable with a very sparse, marketing-level skill. Its security risk appears low from the provided artifacts, but its practical value and ROI claims are not substantiated; review any future version again if it adds code, integrations, credentials, external data sources, or automated actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The manifest description is generic ('AI-powered skill for productivity') and does not communicate what the skill actually does, when it should be invoked, or what boundaries apply. Overly broad descriptions can cause over-selection or misuse of the skill, increasing the chance it is triggered in inappropriate contexts and performs actions outside user expectations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal