Security audit
AI Customer Service Automation
Security checks across malware telemetry and agentic risk
Overview
The skill is not overtly malicious, but it advertises automated customer replies, ticket creation, third-party channel access, and learning from historical conversations without enough control or data-scope detail.
Review this carefully before installing. Do not connect production customer channels, ticketing systems, or historical conversation data until the publisher documents the actual implementation, credential scopes, human approval controls, data retention/redaction behavior, and rollback procedures.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.