Back to skill

Security audit

Hash

Security checks across malware telemetry and agentic risk

Overview

This is a local checksum utility, with the main caution that it keeps local history and batch manifest files containing file paths and hashes.

Install only if you are comfortable with a checksum helper that stores local operation history and batch manifests under ~/.local/share/hash. Avoid batch hashing broad or sensitive directories unless you want those paths and hashes retained locally, and delete the history or manifest files when you no longer need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script persistently records hash operations to a history file under the user's home directory without consent, disclosure, or controls. Those log entries can reveal sensitive filenames, directory structure, and in some cases user-supplied text/hash verification activity, which may expose confidential operational metadata to other local processes, backups, or later users of the account.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.