Back to skill

Security audit

Coding Disciplines

Security checks across malware telemetry and agentic risk

Overview

The skill is not malware, but it tells an agent to make broad automatic project changes and includes an unsafe database deletion step that should be reviewed before use.

Install only if you want this skill to enforce a strict coding workflow that writes project documentation and work logs automatically. Before using it in real repositories, remove or override the database deletion rule, require confirmation before file creation or command execution, and limit activation to projects where framework.md, WORK_LOG.md, MEMORY.md, and plan synchronization are expected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

High
Confidence
94% confidence
Finding
The skill declares that it should automatically activate for every coding task and mandates reading multiple files before work begins. This creates an overly broad trigger surface that can cause the agent to apply the skill outside the user’s intended scope, leading to unsolicited file access and process changes across unrelated projects.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to create and update framework.md and WORK_LOG.md as a mandatory prerequisite, but it does not require prior user consent or a warning that files will be created or modified automatically. This can result in unauthorized workspace changes, repository noise, or accidental policy violations in environments where autonomous writes are not expected.

Missing User Warnings

High
Confidence
99% confidence
Finding
The instruction to delete project_data.db before testing is an explicit destructive action with no safeguard, scope check, backup, or user approval. If followed in a real project, it could destroy local state, erase test or development data, and potentially remove the wrong database file if naming or path assumptions are incorrect.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill directs the agent to run server processes and a local Node.js helper script automatically, without warning or approval. Unprompted command execution expands the skill from advisory guidance into operational control, which can trigger unintended processes, modify local state, or execute unreviewed local scripts in sensitive environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.