Nm Parseltongue Python Testing

Security checks across malware telemetry and agentic risk

Overview

This is a normal Python testing reference skill with broad activation terms but no hidden executable behavior.

Use this as ordinary Python testing guidance. Review dependency versions before copying pip commands, use a virtual environment, and only enable CI coverage upload services if sharing coverage metadata with that service is acceptable. The linked external Claude Code plugin with agents, hooks, and commands was not part of this reviewed artifact and should be assessed separately before installing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list contains very broad terms like "python", "testing", and "pytest", which are likely to appear in ordinary user conversations and can cause this skill to activate outside narrowly intended contexts. Over-broad activation increases prompt-surface exposure and can lead to irrelevant or unintended guidance being injected into unrelated sessions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal