
Security audit

Auto Skill Loader

Security checks across malware telemetry and agentic risk

Overview

This skill is openly an automatic skill loader and router, but by default it hands the agent broad control over which skills and agents handle user requests.

Install only if you intentionally want an agent to choose and load other installed skills on your behalf. Review the skills in your workspace and global skill directories first, since the loader can select any of them; consider setting dryRun: true or matchMode: strict; disable enableRouting unless you need inter-agent delegation; and do not use it alongside untrusted local skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence: 95%
Finding
The invocation scope is dangerously broad because it allows activation from essentially any directly described task, not just explicit trigger phrases. In an agent environment, this can cause the loader to intercept unrelated requests, auto-load additional skills, and alter execution flow without clear user consent, increasing the risk of privilege expansion or unsafe skill chaining.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README advertises automatic task analysis, skill loading, and agent routing without warning that these behaviors can silently change which components handle a request. In a skill-loader context, hidden execution-flow changes are security-relevant because they can surprise users, bypass expected review points, and make downstream actions harder to predict or audit.

Vague Triggers

High
Confidence: 94%
Finding
The trigger conditions include phrases like '自动加载skill' (auto-load skill), '动态加载' (dynamic loading), '智能匹配skill' (smart-match skill), and even '任何需要判断使用哪个 skill 的场景' (any scenario where it must be decided which skill to use), which is extremely broad. In an agent environment, such overbroad activation can cause unintended invocation on ordinary requests, expanding the skill's influence over routing, file discovery, and downstream skill loading without clear user intent.

Vague Triggers

Medium
Confidence: 87%
Finding
The package description explicitly advertises automatic task detection and dynamic skill loading but provides no clear boundaries, trigger criteria, or exclusion rules. In an agent skill-loading context, ambiguous routing behavior can cause unintended or over-broad activation of powerful skills, increasing the chance of prompt-driven misuse, privilege crossing, or unsafe tool selection.
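The following is an added example, not code from the audited skill or from SkillSpector. It is a toy router that makes two things above concrete: why the catch-all trigger phrases quoted in the findings let a loader intercept unrelated requests, and what the Overview's matchMode: strict and dryRun: true recommendations buy you. Only the Chinese trigger phrases come from the findings; the skill names, the English triggers, the catch-all pattern list and the exact semantics of strict/fuzzy matching and dry-run are assumptions made for illustration.

```python
"""Added example: lint skill triggers for catch-all phrases and route a request
under strict vs. fuzzy matching, with an optional dry run. Not the audited
skill's code; metadata and patterns below are constructed for illustration."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed skill metadata. The Chinese phrases are the ones quoted in the
# findings; the English phrases and the other two skills are assumed.
SKILLS: Dict[str, List[str]] = {
    "auto-skill-loader": [
        "自动加载skill", "动态加载", "智能匹配skill",
        "任何需要判断使用哪个 skill 的场景", "load skill",
    ],
    "pdf-tools": ["extract pdf text", "merge pdf"],
    "git-helper": ["git rebase", "squash commits"],
}

# Assumed list of phrases that turn a trigger into "match everything".
CATCH_ALL = re.compile(
    r"(任何|所有|any (task|request|scenario)|everything|whenever)", re.I)


def lint_triggers(skills: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Return {skill: [offending triggers]} for catch-all or very short triggers.
    This is the pre-install review the Overview asks for, done mechanically."""
    findings: Dict[str, List[str]] = {}
    for name, triggers in skills.items():
        bad = [t for t in triggers if CATCH_ALL.search(t) or len(t.strip()) < 4]
        if bad:
            findings[name] = bad
    return findings


@dataclass
class RouteDecision:
    skill: Optional[str]
    matched_trigger: Optional[str]
    loaded: bool
    log: List[str] = field(default_factory=list)


def route(request: str, skills: Dict[str, List[str]],
          match_mode: str = "strict", dry_run: bool = True) -> RouteDecision:
    """Pick the first skill whose trigger matches `request`.

    strict: the trigger phrase must appear verbatim in the request.
    fuzzy : any word (3+ chars) of the trigger suffices, and a catch-all
            trigger matches every request; this is the behaviour that lets
            an overbroad loader hijack ordinary requests.
    dry_run: record what would be loaded without marking it loaded.
    """
    req = request.lower()
    for name, triggers in skills.items():
        for trig in triggers:
            tl = trig.lower()
            if match_mode == "strict":
                hit = tl in req
            else:
                words = [w for w in re.split(r"\s+", tl) if len(w) >= 3]
                hit = CATCH_ALL.search(trig) is not None or any(w in req for w in words)
            if hit:
                action = "DRY-RUN would load" if dry_run else "LOADED"
                return RouteDecision(name, trig, loaded=not dry_run,
                                     log=[f"{action} {name} via trigger {trig!r}"])
    return RouteDecision(None, None, False, ["no skill matched"])


if __name__ == "__main__":
    print("lint:", lint_triggers(SKILLS))
    req = "please merge pdf reports"
    for mode in ("strict", "fuzzy"):
        d = route(req, SKILLS, match_mode=mode, dry_run=True)
        print(mode, "->", d.skill, d.log)
```

Under strict matching the PDF request goes to pdf-tools and the loader never fires; under fuzzy matching the catch-all trigger wins the first iteration and the loader intercepts the request, which is the "unintended invocation on ordinary requests" the findings describe. Running the linter over your skill directories before installing surfaces such triggers, and dry-run mode lets you watch the routing decisions before any skill is actually loaded.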

VirusTotal

61/61 vendors reported this skill as clean.


Static analysis

No suspicious patterns detected.