Skill Proposal Gen

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local proposal-generation skill, but it can read or write JSON and Markdown files outside its intended folder if given a crafted project name.

Review before installing. Avoid project names containing slashes, backslashes, absolute paths, or '..'. The skill stores proposal content locally and should be updated to validate project names and force all reads and writes to remain inside its proposals folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 83%
Finding
The skill is documented with extremely broad purpose statements such as 'basic feature implementation', 'state management', and 'data processing', plus a generic execute(action="connect") example without clear trigger boundaries or user-consent conditions. In an agent ecosystem, vague scope increases the chance of over-broad invocation, misuse in unintended workflows, and unsafe assumptions about what operations the skill may perform.

VirusTotal

67/67 vendors flagged this skill as clean.