Enterprise Code Review

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate code-review helper, but it defaults to running nested review commands with full sandbox bypass and can automatically send diffs to fallback AI reviewers.

Install only if you are comfortable with an automated review helper that can run nested Codex with full filesystem and command authority by default. Prefer setting AUTOREVIEW_YOLO=0 or using --no-yolo, and set --fallback-reviewer none if you do not want diffs sent to other local AI reviewer CLIs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger condition is broad enough to activate on many ordinary requests about reviewing code, PRs, or commits, which can cause the skill to run when the user did not explicitly intend to invoke this exact workflow. In an agent setting, over-broad activation can lead to inappropriate tool use (such as fetching code or diffs) and reduce user control over behavior.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal