瓦匠

Security checks across malware telemetry and agentic risk

Overview

This appears to be a tile or renovation guidance skill with an over-broad trigger list, but no evidence of hidden code, credential access, persistence, or harmful behavior.

Safe to install for tile or masonry help. Be aware that it may activate on generic renovation wording; confirm the task is actually tile-related before following specialized guidance, especially for waterproofing, drainage, or structural work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list is broad enough to activate on generic renovation terms such as waterproofing, leveling, drains, corners, and material names that may arise outside a tile-mason context. This can cause the skill to intercept unrelated user requests and steer responses into domain-specific guidance or script-driven cost estimation when another skill or safer general handling would be more appropriate.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal