Bubbletea Code Review
Security checks across malware telemetry and agentic risk
Overview
This skill is a markdown-only BubbleTea code-review guide with no evidence of hidden execution, data access, persistence, or credential handling.
Before installing, note that this skill is intended to shape how an agent reviews BubbleTea code. It may cause the agent to read relevant project files and follow an external review-verification protocol if available, but the packaged artifacts do not add executable code or request sensitive access.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.