Ffi Code Review

Security checks across malware telemetry and agentic risk

Overview

The only negative signal appears to be a false positive on a Rust safety-code example, not evidence of exploit behavior.

The supplied evidence does not justify holding this skill for review. Before installing, still read the skill instructions and only run any suggested commands when they fit your project and permission expectations.

SkillSpector

By NVIDIA

Vulnerability Patterns

YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

YARA rule 'exploit_framework': Exploit framework components and payloads [hacktools]

High

Category: YARA Match
Content: } impl Drop for Widget { fn drop(&mut self) { // SAFETY: self.ptr was allocated by widget_create // and has not been freed (we own it) unsafe { ffi::widget_destroy(self.ptr.as_ptr()) }
Confidence: 80% confidence
Finding: rop(&mut self)

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal