
Security audit

Platonic Coding

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed project-workflow helper that can edit specs, guides, code, and tests. The review found no evidence of hidden execution, credential use, or data exfiltration.

Install it only in repositories where you want an agent to manage specs and potentially change code and tests. Invoke operations by their explicit names, review diffs before accepting changes, and avoid saying 'no confirmations' unless you are comfortable with the documented workflow proceeding without intermediate approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: Low. Confidence: 91%.
Finding
The skill instructs the agent to write a recovered RFC to the specs directory and to update rfc-history.md after user approval, but it does not explicitly warn that repository files will be modified, nor does it encourage confirming the exact target paths before writing. In an agentic workflow this can lead to unexpected file modifications, especially if the user does not realize the operation is state-changing or if path resolution is ambiguous.

Missing User Warnings

Severity: Low. Confidence: 90%.
Finding
The skill instructs the agent to update repository files (`rfc-history.md`, `rfc-index.md`, and `rfc-namings.md`) but does not require an explicit user-facing warning or confirmation immediately before making those modifications. In an agent workflow, this can lead to unexpected file writes, reducing user control and making unintended repository changes more likely, even though the changes appear documentation-oriented rather than overtly harmful.

Missing User Warnings

Severity: Low. Confidence: 85%.
Finding
The skill's reference advertises operations that create directories, config, and templates and that recover or generate project artifacts, but it does not clearly warn that these actions modify the user's workspace. In an agent skill, missing disclosure can lead users to invoke destructive or unexpected file changes without informed consent, especially because this skill is positioned as a single entry point for an end-to-end workflow.

Missing User Warnings

Severity: Low. Confidence: 91%.
Finding
The implementation section includes end-to-end spec-to-code-and-tests generation and implementation from existing guides, but it does not warn that these operations will write or alter source files. Because the skill is an orchestrator that may auto-route users into implementation, the lack of disclosure increases the chance of unintended code changes being made automatically.

Missing User Warnings

Severity: Medium. Confidence: 96%.
Finding
Telling the user to say "no confirmations" to skip workflow gates undermines safety controls intended to pause before consequential actions. In a skill that can scaffold projects, generate specifications, and implement code, bypassing confirmations materially increases the risk of unauthorized or insufficiently reviewed workspace modifications.
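The findings above come down to two practitioner checks the skill itself does not enforce: confirm that a requested path resolves to an expected location inside the repository, and review a diff before any state-changing write. The following Python is an added example of such a guard, written for this audit page; it is not code from the Platonic Coding skill or from SkillSpector. The allow-list (`specs/` plus the three `rfc-*.md` files named in the findings), the `demo()` repository contents, and the `confirmed` flag are assumptions chosen for illustration.

```python
import difflib
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Assumed allow-list for this example: the spec directory and the three
# index files the audit findings mention. Not taken from the skill itself.
ALLOWED_TARGETS = ("specs/", "rfc-history.md", "rfc-index.md", "rfc-namings.md")


@dataclass
class WritePlan:
    path: Path      # resolved absolute target
    diff: str       # unified diff of current vs proposed content, for review
    creates: bool   # True when the file does not exist yet


def resolve_inside(repo_root: Path, requested: str) -> Path:
    """Resolve `requested` against the repo root and refuse anything that
    escapes it: absolute paths, `..` segments, or symlinks already on disk."""
    root = repo_root.resolve()
    target = (root / requested).resolve()  # an absolute `requested` replaces root
    if target != root and root not in target.parents:
        raise PermissionError(f"refusing write outside repository: {requested}")
    return target


def is_allowed_target(repo_root: Path, target: Path) -> bool:
    """True when the resolved target is in ALLOWED_TARGETS (file or directory prefix)."""
    rel = target.relative_to(repo_root.resolve()).as_posix()
    return any(rel == a or (a.endswith("/") and rel.startswith(a)) for a in ALLOWED_TARGETS)


def plan_write(repo_root: Path, requested: str, new_content: str) -> WritePlan:
    """Validate the path and build a reviewable diff; nothing is written here."""
    target = resolve_inside(repo_root, requested)
    if not is_allowed_target(repo_root, target):
        raise PermissionError(f"path not in allow-list: {requested}")
    old = target.read_text() if target.exists() else ""
    diff = "".join(difflib.unified_diff(
        old.splitlines(keepends=True), new_content.splitlines(keepends=True),
        fromfile=f"a/{requested}", tofile=f"b/{requested}"))
    return WritePlan(path=target, diff=diff, creates=not target.exists())


def apply_write(plan: WritePlan, new_content: str, confirmed: bool) -> bool:
    """The confirmation gate: write only when the caller explicitly confirmed
    this plan (for example after showing plan.diff to the user)."""
    if not confirmed:
        return False
    plan.path.parent.mkdir(parents=True, exist_ok=True)
    plan.path.write_text(new_content)
    return True


def demo() -> dict:
    """Run the guard against a constructed throwaway repository and return
    the observable outcomes (used instead of printing so they can be checked)."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        (repo / "rfc-history.md").write_text("# RFC history\n")
        results = {}

        # 1. Allowed, existing file: diff shows the one added line, write proceeds once confirmed.
        updated = "# RFC history\n- RFC-0001 recovered\n"
        plan = plan_write(repo, "rfc-history.md", updated)
        results["history_diff_has_addition"] = "+- RFC-0001 recovered" in plan.diff
        results["history_written"] = apply_write(plan, updated, confirmed=True)
        results["history_content"] = (repo / "rfc-history.md").read_text()

        # 2. Allowed new spec file: plan is fine, but without confirmation nothing is created.
        plan2 = plan_write(repo, "specs/rfc-0001.md", "# RFC 0001\n")
        results["spec_creates"] = plan2.creates
        results["spec_blocked_without_confirm"] = not apply_write(plan2, "# RFC 0001\n", confirmed=False)
        results["spec_exists"] = (repo / "specs/rfc-0001.md").exists()

        # 3. Escapes and out-of-scope paths are refused before any diff is built.
        for bad in ("../outside.md", "/etc/passwd", "src/main.py"):
            try:
                plan_write(repo, bad, "x")
                results[bad] = "allowed"
            except PermissionError:
                results[bad] = "refused"
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The split between `plan_write` and `apply_write` is the point: the agent can always compute and show the diff, but the write itself needs a confirmation the harness controls. A user-level 'no confirmations' instruction then has nowhere to act unless the harness deliberately passes `confirmed=True` by default, which makes the trade-off visible rather than implicit.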

VirusTotal

54/54 vendors returned a clean verdict for this skill. A clean antivirus result means no known-malware signatures matched; it says nothing about the workflow-control findings above, which are about what the skill is permitted to do, not about malicious code.

Static analysis

No suspicious patterns detected.