Dependency Auditor

Security checks across malware telemetry and agentic risk

Overview

This skill is a local dependency-auditing toolkit whose file access and report writing match its stated purpose.

Install only if you want local dependency audit tooling. Run it against the specific project you intend to inspect, keep generated reports private if they reveal internal dependencies or paths, and choose --output filenames carefully to avoid overwriting existing files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 76%
Finding
The script writes to a user-supplied output path with standard write mode, which will truncate existing files without any confirmation, backup, or safety checks. In an agent or automated workflow context, a malformed or adversarially influenced output path could overwrite important local files, causing data loss or clobbering artifacts outside the intended workspace.

VirusTotal

64/64 vendors flagged this skill as clean.
