Back to skill

Security audit

Local Password Generator & Strength Check

Security checks across malware telemetry and agentic risk

Overview

This is a local password generator and checker, with one usability risk: checked passwords are entered on the command line where they may be exposed locally.

Reasonable to install for local password generation. Avoid checking valuable existing passwords with the documented command-line argument form unless you understand that the password may be retained or visible locally; prefer using it only for test passwords or modify it to read from a hidden prompt or stdin.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script takes the password as a positional command-line argument, which can expose the secret through shell history, process listings, audit logs, and wrapper tooling. In a password utility, this is especially risky because users are likely to paste real credentials, turning a local strength check into inadvertent credential disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.