Back to skill

Security audit

Vitest Testing

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Vitest testing guide, and the scanner alerts are explained by normal test-mock cleanup examples rather than agent memory manipulation.

Installers should understand this skill may guide an agent to create or edit test files, run the project test command, and update snapshots when asked. That is normal for a Vitest helper; review generated tests and snapshot changes before committing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Memory PoisoningPersistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Memory Manipulation

High
Category
Memory Poisoning
Content
beforeEach(() => {
  vi.clearAllMocks()    // Clear mock history
  vi.resetAllMocks()    // Clear history + reset implementations
  vi.restoreAllMocks()  // Restore original implementations (spies)
})
Confidence
80% confidence
Finding
Clear history

Memory Manipulation

High
Category
Memory Poisoning
Content
beforeEach(() => {
  vi.clearAllMocks()    // Clear mock history
  vi.resetAllMocks()    // Clear history + reset implementations
  vi.restoreAllMocks()  // Restore original implementations (spies)
})
Confidence
24% confidence
Finding
Clear history

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.