漫客软件法律专家

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only legal compliance review skill with no executable code, hidden data movement, or install-time behavior.

Before installing, consider that this skill may inspect sensitive source code and legal/product documents when you ask for compliance review. Use it as an AI-assisted checklist, not as a substitute for qualified legal counsel, and verify cited law and penalties because regulations can change.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill lists very broad trigger phrases such as generic compliance-check requests that are likely to appear in ordinary conversation, but it does not define strong exclusions or disambiguation rules. This can cause the skill to activate when the user did not intend a legal-compliance workflow, leading to incorrect routing, unnecessary document/code review behavior, and over-collection or processing of user-provided sensitive materials in the wrong context.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal