Back to skill

Security audit

ELPA

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed ML training orchestrator, but execute mode will run the training commands from the user's config on the local machine.

Install only if you intend to orchestrate local ML training. Start with the dry run, inspect every rendered train_cmd, use trusted configs and training code only, and run in an environment without unnecessary secrets or elevated privileges.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
stderr_path.parent.mkdir(parents=True, exist_ok=True)

        with stdout_path.open("w", encoding="utf-8") as out_f, stderr_path.open("w", encoding="utf-8") as err_f:
            completed = subprocess.run(
                item["train_cmd"],
                shell=True,
                cwd=item["model_dir"],
Confidence
98% confidence
Finding
completed = subprocess.run( item["train_cmd"], shell=True, cwd=item["model_dir"], env=env, stdout=out_f,

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The overview/workflow describes real training orchestration but does not prominently warn that enabling execution will run external commands from the user's own codebases and produce filesystem artifacts. In an agent setting, this omission can lead to unsafe delegation where command execution and writes occur without the operator fully understanding the trust boundary.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.