Back to skill

Security audit

Small Context Coding

Security checks across malware telemetry and agentic risk

Overview

The skill appears to use local notes and helper scripts for workflow management, but it asks for broad workspace-writing and command-running behavior without clear user consent or tight activation scope.

Install only if you want the agent to create persistent workflow notes and run local helper scripts in your repository. Before use, confirm where notes are written, keep them out of version control if they may contain private task details, and require the agent to ask before running setup or modifying files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly instructs the agent to write files and run shell commands, but it does not declare corresponding permissions. That mismatch can cause the platform or user to underestimate the skill's operational power, increasing the chance of unintended file modification or command execution during routine use.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation criteria are broad enough to match many normal coding tasks, so the skill may be invoked in situations where persistent notes, shell usage, or delegation are unnecessary. Because this skill recommends file creation and command execution, overbroad triggering expands the surface area for side effects beyond clearly consented workflows.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill directs the agent to create and maintain notes under the repository workspace without first requiring a user warning or consent. Silent file creation can alter a working tree, interfere with tooling, leak task details into tracked files, or surprise users who expected analysis-only behavior.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The initialization guidance tells the agent to run helper scripts that create files, but it provides no built-in warning that these commands will modify the repository or local workspace. This is risky because users may interpret setup as harmless planning assistance when it actually performs writes via shell execution.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.