Security audit

Validation And Fix

Security checks across malware telemetry and agentic risk

Overview

This appears to be a project validation and failure-fixing helper with broad activation wording but no evidence of hidden, destructive, or credential-seeking behavior.

Before installing, understand that this kind of skill may run or recommend project test/build/validation commands. Use it in repositories where you are comfortable executing the existing project scripts, and consider tightening its activation wording if your agent often over-selects skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 86%
Finding
The package description contains broad trigger language such as 'use when running existing project validation commands and fixing failures' plus generic terms like validation, test, build, and CI failure. In an agent-skill routing context, this can cause over-selection for many common developer requests, leading the skill to activate outside a narrowly bounded scope and potentially run or suggest risky validation/fix workflows on unintended tasks.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.