Skill Lookup

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed skill installer, but it can permanently add third-party skill files to Claude with limited safeguards.

Install only if you are comfortable letting this skill add third-party skills from prompts.chat into your persistent Claude skills folder. Before installing any fetched skill, review the author, SKILL.md, filenames, scripts, and configuration files, and avoid installing skills that request broad access or contain unexpected helper code.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs the agent to write arbitrary retrieved files into `.claude/skills/{slug}/` without requiring an explicit warning, confirmation, or trust review of the downloaded content. Because installed skills can later influence agent behavior, this creates a supply-chain style risk where a user may unknowingly persist untrusted instructions or helper files into the local environment.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal