Cancorteaw App
Security checks across malware telemetry and agentic risk
Overview
This skill is plausibly meant for local Expo app building, but it hands raw commands to an unreviewed local script that would run tools and write files.
Before installing or invoking this skill, inspect /home/patron/apps/_bin/appctl yourself. Confirm it strictly validates subcommands, project names, ports, and paths; confines writes to /home/patron/apps; and only runs the documented Expo workflow. Use it only on a machine where npm/npx code execution and a persistent local preview process are acceptable.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
