Description: Turn vague product ideas into AI-ready specs. Bilingual requirement closure checker for non-technical builders.把模糊的产品想法变成 AI Coding 能读懂的需求文档。面向没有产品背景的创作者，通过五步追问完成需求闭环。

Security checks across malware telemetry and agentic risk

Overview

This is a small local requirement-checking skill that only returns questions or a suggested task document and does not itself edit files, use credentials, or contact services.

Install if you want a local helper for turning vague requirements into reviewable task briefs. Review any generated FileEditor task before letting another agent apply it, and avoid putting secrets or private business details into requirement text unless you intend them to appear in the generated brief.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The function goes beyond validation and emits concrete FileEditor tasks with a target path and prescriptive downstream edit instructions. In an agentic environment, this can widen the skill's authority from analysis into action orchestration, increasing the chance that vague or adversarial input is turned into file-generation work without an explicit user confirmation step.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal