Profile Model Manager

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a Hermes model-configuration guide, but it includes sensitive API-key handling and persistent profile changes that need review before use.

Install only if you intend to let the agent manage Hermes profiles. Review commands before running apply, avoid printing real .env secrets into the chat or logs, add API keys through a safer secret-management path, and back up profile configs before bulk changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill claims API key setup is out of scope, but later instructs users to inspect and append secrets directly into per-profile .env files. This expands the skill from configuration management into credential handling, increasing the chance of accidental secret exposure, unsafe storage, and unauthorized modification of authentication material.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The document states API key configuration is not applicable here, but later includes concrete steps to add API keys to profile .env files. This inconsistency is dangerous because it undermines scope boundaries and can cause an agent or user to perform secret-handling actions they would not expect from a model-switching skill.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases are broad and overlap with normal conversation about models, providers, or diagnosis. That makes unintended auto-activation more likely, which is risky because this skill contains state-changing commands that can alter profiles and restart gateways.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill tells users to append API keys directly into .env files without strong warnings about secure secret entry, shell history, file permissions, or audit exposure. Even placeholder examples normalize insecure secret handling and may lead to credentials being stored or displayed in unsafe ways.

Missing User Warnings

Medium
Confidence: 88%
Finding
The one-command apply mode performs bulk configuration changes and automatically restarts the gateway, but the quick-start section does not prominently warn about immediate service impact. This increases the risk of accidental outages, session disruption, or unintended provider/model switching across a live environment.

VirusTotal

63/63 vendors flagged this skill as clean.