Back to skill

Security audit

skillguard-check

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local skill-audit helper that sends installed skill names to skillguard.vip, with no evidence of hidden persistence, credential access, or destructive behavior.

Install only if you are comfortable sharing the names of your installed skills with skillguard.vip or a configured replacement API. Review unaudited results carefully because private or unpublished skills may not appear in the database, and prefer a pinned or marketplace-installed copy over fetching from a moving branch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill description does not clearly warn that it sends local skill identifiers, and potentially path-derived metadata, to an external service. Even if the transmitted data seems limited, installed skill names can reveal tools, projects, employers, or security posture, so failing to disclose this creates privacy and operational security risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.