Pad Mode

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed planning helper that creates local plan documents and requires user approval before execution.

Safe to install if you want structured planning. Review generated plan files before approving execution, avoid putting secrets or sensitive data in requests because plans are saved locally, and choose foreground mode for high-impact work such as deployments, payments, databases, or account changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger phrases include very broad natural-language terms such as "make a plan" and "plan this out," plus proactive auto-detection for complex requests. That can cause PAD mode to activate when the user did not explicitly request this workflow, changing agent behavior and potentially leading to unexpected file creation, plan persistence, or multi-step execution scaffolding.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal