myskill
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward local CSV deduplication helper with no evidence of network access, credential use, persistence, or hidden behavior.
This appears safe to install for local CSV deduplication. Choose the output path carefully because the script opens it for writing and can overwrite an existing file at that path; also note that the package metadata changelog is inconsistent with the reviewed files.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.