Code Simplifier

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed code-refactoring helper, but its automatic simplification mode can produce broken or behavior-changing Python without adequate warning.

Install only if you treat the automatic --simplify feature as experimental. Prefer --analyze and --suggest, write any simplified result to a separate file, review the diff carefully, and run tests before replacing original code.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill advertises an automatic code simplification command, including in-place style invocation, without clearly warning that user code may be modified or recommending safe defaults like writing to a separate output file and reviewing diffs. In a code-editing skill context, this increases the risk of unintended destructive changes, loss of logic, or introduction of regressions if users or agents invoke the operation directly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal