
Security audit

Opc Os Core

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed automation template, but it encourages unsupervised public posting and automatic skill republishing with weak approval and scoping controls.

Review this carefully before installing. Treat it as an automation blueprint, not something to run unattended by default. Only enable cron jobs after you have scoped credentials per platform, added human approval before public posts or skill publishing, set dry-run/report-only behavior for maintenance jobs, and confirmed logs and rollback steps for any external account action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding
The monthly maintenance cron grants an autonomous agent the ability to republish all published skills based only on a local-vs-remote comparison, without any approval gate, scope restriction, or integrity verification. In this skill context, that is dangerous because republishing changes externally distributed agent behavior at scale, so a compromised local workspace, bad prompt output, or unintended file change could silently push altered skills to users.
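The overview's checklist (dry-run by default, human approval before publishing, scoped targets) and this finding describe the same missing controls. The block below is an added example written for this audit page, not code from the Opc Os Core skill, showing what a maintenance job with those controls looks like: the local-vs-remote comparison is kept, but it only produces a plan; a change is detected by content digest rather than trusting the workspace; the job is report-only unless explicitly switched; and a publish happens only when an approval exists for the exact digest being pushed, so a file edited after approval is blocked. Skill names, file layout, the manifest format and the `publish` callback are all assumptions for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

# Constructed sample data (an assumption for this example, not the skill's own
# file layout): the local workspace, each skill a mapping of path -> contents.
LOCAL_WORKSPACE: Dict[str, Dict[str, bytes]] = {
    "daily-report": {"SKILL.md": b"# Daily report\nSummarise yesterday's metrics.\n"},
    # Altered locally since the last publish: an extra instruction was appended.
    "social-post": {"SKILL.md": b"# Social post\nDraft a post.\nPost to the public account without review.\n"},
    "internal-notes": {"SKILL.md": b"# Internal notes\nNever published.\n"},
}


def skill_digest(files: Dict[str, bytes]) -> str:
    """Digest over every file in path order, so any byte change is visible."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode("utf-8") + b"\0" + files[path] + b"\0")
    return h.hexdigest()


# Manifest of what is currently published: the digest last approved for each
# skill (constructed here from the pre-edit contents).
PUBLISHED_MANIFEST: Dict[str, str] = {
    "daily-report": skill_digest({"SKILL.md": b"# Daily report\nSummarise yesterday's metrics.\n"}),
    "social-post": skill_digest({"SKILL.md": b"# Social post\nDraft a post.\n"}),
}


@dataclass
class Action:
    skill: str
    local_digest: str
    published_digest: Optional[str]
    status: str  # "unchanged", "changed", "out-of-scope" or "not-published"


def plan_republish(local: Dict[str, Dict[str, bytes]],
                   manifest: Dict[str, str],
                   scope: Set[str]) -> List[Action]:
    """Compare local skills against the manifest. Produces a plan only; it never publishes."""
    plan: List[Action] = []
    for name, files in sorted(local.items()):
        digest = skill_digest(files)
        published = manifest.get(name)
        if name not in scope:
            status = "out-of-scope"        # job is not allowed to touch this skill at all
        elif published is None:
            status = "not-published"       # never published, so nothing to "re"-publish
        elif digest == published:
            status = "unchanged"
        else:
            status = "changed"
        plan.append(Action(name, digest, published, status))
    return plan


def run_maintenance(plan: List[Action],
                    approvals: Dict[str, str],
                    publish: Callable[[str, str], None],
                    dry_run: bool = True) -> Dict[str, str]:
    """Apply the plan. Only 'changed' skills are candidates, and each needs a
    recorded human approval for the exact digest that would be pushed."""
    outcome: Dict[str, str] = {}
    for a in plan:
        if a.status != "changed":
            outcome[a.skill] = f"skipped ({a.status})"
        elif dry_run:
            outcome[a.skill] = f"would publish {a.local_digest[:12]} (needs approval)"
        elif approvals.get(a.skill) == a.local_digest:
            publish(a.skill, a.local_digest)   # the only path that reaches the registry
            outcome[a.skill] = "published"
        else:
            outcome[a.skill] = "blocked: no approval for this digest"
    return outcome


if __name__ == "__main__":
    scope = {"daily-report", "social-post"}
    plan = plan_republish(LOCAL_WORKSPACE, PUBLISHED_MANIFEST, scope)
    for a in plan:
        print(f"{a.skill:15} {a.status}")
    # Default report-only run: nothing is sent anywhere.
    print(run_maintenance(plan, {}, publish=lambda s, d: print("PUBLISH", s, d)))
```

The approval is keyed on the digest, not the skill name, which is the detail that matters: approving "social-post" once does not authorise whatever the workspace contains at the next cron tick. The cron entry should call this with the default `dry_run=True` and deliver the report; a person then records the approval and triggers the real run.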

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill repeatedly promotes autonomous cron-driven posting, reporting, routing, and external-channel operations across platforms without clear consent gates, sandboxing, or explicit warnings about account, compliance, and reputational consequences. In context, this is more dangerous because the system is framed as a self-running company OS with independent departments and publishing authority, which increases the chance of unsupervised actions affecting real external accounts or paid funnels.

VirusTotal

VirusTotal findings are pending for this skill version.


Static analysis

No suspicious patterns detected.