Beta Code Review

Security checks across malware telemetry and agentic risk

Overview

This is a checklist-style code review skill whose install steps and runtime instructions match its stated purpose.

Install only from a source you trust, especially when using npx or copying into global skill folders. The reviewed package itself appears to be a normal code-review checklist skill with no hidden execution or sensitive access requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Session Persistence

Medium

Category: Rogue Agent
Content: From your project root: ```bash mkdir -p .cursor/skills cp -r ~/.ai-skills/skills/testing/code-review .cursor/skills/code-review ```
Confidence: 60% confidence
Finding: mkdir -p .cursor/skills cp -r ~/.ai-skills/skills/testing/code-review .cursor/skills/code-review ``` #### Cursor (global) ```bash mkdir -p ~/.cursor/skills cp -r ~/.ai-skills/skills/testing/code-rev

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal