Review Remix V2

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Remix v2 code-review skill with expected project inspection and verification steps, but users should run npm checks only in a trusted or isolated project environment.

Install is reasonable for reviewing Remix v2 projects. Use it on repositories you trust, or run the verification commands inside a container/VM because npm scripts come from the project being reviewed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The skill instructs the reviewer to run `npm run lint`, `npm run typecheck`, and `npm run test`, which execute repository-defined scripts and can trigger arbitrary code from the untrusted project under review. In a security-review skill, this is risky because users may follow the instructions on hostile repositories without realizing those commands are not inherently safe.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal