Back to skill

Security audit

Cli Agent Architecture

Security checks across malware telemetry and agentic risk

Overview

This is a transparent CLI-agent architecture guide with small local output-formatting helpers; its shell-command focus is powerful but disclosed and central to the skill.

Install this only if you want guidance for shell-centered agents. Use sandboxing or least-privilege accounts, add approval gates for destructive or networked commands, avoid running against sensitive files unless necessary, and clean up temporary output files that may contain private data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill advocates a single unrestricted shell execution primitive and includes implementation guidance for reading, writing, and executing commands, but it does not pair this with explicit safety constraints, approval gates, or user-impact warnings. In an agent-skill context, this can normalize arbitrary command execution and filesystem modification without guardrails, increasing the chance of destructive or privacy-impacting actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.