Dead Code Finder

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward dead-code scanning skill that reads JavaScript/TypeScript project files and reports likely unused code without hidden network, credential, or deletion behavior.

Install only if you want a local JS/TS dead-code scanner. Treat its findings as candidates, not proof: confirm dynamic imports, entry points, public APIs, and tests before deleting anything.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 67% confidence
Finding: The trigger phrase 'code cleanup' is very broad and can cause the skill to activate in situations unrelated to dead-code analysis. Unintended invocation could expose repository structure and dependency information or steer an agent toward recommending removals in the wrong context, increasing the chance of unsafe or confusing automation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal