Performance Budget Enforcer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent performance-budget helper that reads build artifacts and may write clearly named local budget/history files for its stated purpose.

Reasonable to install. Run it from the intended repository after a build, review any proposed .perfbudget.json or .perfbudget-history.json changes before committing, and start CI enforcement in a non-blocking or calibrated mode to avoid noisy failures.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 94% confidence
Finding: The skill explicitly directs the agent to create or update repository files such as `.perfbudget.json` and `.perfbudget-history.json` without any warning, confirmation step, or clear distinction between read-only analysis and write actions. In an agentic context, silent file modification can cause unintended repository changes, noisy commits, or CI side effects, especially when a user only asked for inspection or reporting.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal