Dependency License Audit
Security checks across malware telemetry and agentic risk
Overview
This skill is a local dependency license scanner whose file access and executable script match its stated purpose.
Before installing, be aware that the skill will read dependency manifests, lockfiles, installed package metadata, and optional license policy files in the project directory you point it at. It does not appear to send data elsewhere or modify files, but its license results should still be reviewed manually for compliance decisions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.