Security audit

Test Runner

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only testing helper whose install and test commands match its stated purpose.

Install this if you want testing workflow guidance. As with any test-running helper, review commands before running them in an unfamiliar repository, and prefer an isolated environment when installing dependencies or executing tests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill includes package installation and test execution commands that can change the local environment and run arbitrary code from project dependencies, test hooks, or repository scripts. In an agent context, presenting these commands without explicit safety warnings or sandboxing guidance is dangerous because tests and package managers commonly execute untrusted code during install and run phases.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.