Coding 1.0.3

Security checks across malware telemetry and agentic risk

Overview

This skill is a local coding-preference memory helper with clear limits and no network or executable code.

Install only if you want the agent to keep a small local coding-preference memory. Confirm each preference before it is saved, and periodically review ~/coding/memory.md for entries you no longer want.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
This skill NEVER:
- Reads project files to infer preferences
- Observes coding patterns without consent
- Makes network requests
- Reads files outside `~/coding/`
- Modifies its own SKILL.md
Confidence
75% confidence
Finding
without consent

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Common Traps

- Adding preferences without confirmation → user loses trust
- Inferring from project structure → privacy violation
- Exceeding 100 lines → context bloat
- Vague entries ("good code") → useless, be specific
Confidence
75% confidence
Finding
without confirmation

Self-Modification

High
Category
Rogue Agent
Content
# Criteria for Code Preferences

Reference only — consult when deciding whether to update SKILL.md.

## When to Add
Confidence
85% confidence
Finding
update SKILL

VirusTotal

66/66 vendors flagged this skill as clean.
