Back to skill

Security audit

Fix Llm Artifacts

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent, but it can automatically run whole-repository autofix tools that may change files beyond the review findings the user approved.

Install only if you are comfortable with the skill modifying repository files beyond the specific review findings during formatting/autofix. Use --dry-run first, review the git diff carefully afterward, and avoid running it on important work without a clean branch or backup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill’s stated contract is to apply fixes derived from a locked review finding set, but the post-fix verification step runs repository-wide autofix and formatting commands such as `ruff check --fix .`, `ruff format .`, and `npx eslint --fix .`. Those commands can modify many files unrelated to the reviewed findings, violating the anti-confabulation and 1:1 locked-id constraints and potentially introducing unintended changes outside user-approved scope.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The skill explicitly says fixes must map 1:1 to the locked finding IDs and that nothing inferred from memory or wider repo state should be changed. Later instructions contradict that guarantee by invoking whole-repository mutating tools, which can alter files and code paths not present in the locked set, undermining the safety gate and making scope creep likely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.