Security audit

Opc Os Core

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed business-operations blueprint, not an executable skill that secretly installs or runs automation.

Install only if you want a blueprint for autonomous business operations. Before implementing it, explicitly choose which folders, departments, cloud services, cron jobs, and publishing channels are in scope; keep credentials and private keys local; require approval for public posts, customer-facing actions, and paid workflows; and define retention and access rules for any reports sent to Tencent Docs or Feishu.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly promotes redundant inter-agent communication through shared files and Tencent Docs, plus scheduled reporting via Feishu, but does not provide an explicit privacy warning, consent model, retention guidance, or boundaries on what data may be sent to cloud services. In a multi-agent operating system handling business, financial, and potentially sensitive operational data, this omission can lead users to transmit confidential information to third-party platforms without understanding the exposure.

VirusTotal

63/63 vendors flagged this skill as clean.