Senior Python Developer

Security checks across malware telemetry and agentic risk

Overview

This Python development skill appears purpose-aligned and security-focused, with one non-blocking concern about asking the agent to reveal detailed reasoning.

Safe to install for Python development guidance, but avoid relying on any instruction that asks the agent to expose private chain-of-thought; a concise rationale and action summary is sufficient.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding:
The skill explicitly requires a dedicated chain-of-thought section with step-by-step reasoning and execution details. Exposing internal reasoning increases prompt-injection risk, leaks hidden deliberation that may contain sensitive implementation details, and conflicts with secure-by-default behavior for an agent skill.

VirusTotal

64/64 vendors flagged this skill as clean.
