Security audit

Auto README Generator (ChloePark85)

Security checks across malware telemetry and agentic risk

Overview

This is a simple local README generator. Its main risk is that it can overwrite an existing README file.

Install only if you want a basic local README draft. Run it against the intended project path, back up or rename any existing README.md first, and review the generated license and content because the script does not actually inspect the project beyond its folder name.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill documentation states it will generate a README.md file but does not clearly warn that this action writes to disk and may overwrite an existing README in the target directory. In agent or automation contexts, unclear file-modification behavior can lead to unintended data loss or unsafe execution assumptions by users or downstream systems.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script unconditionally redirects output to "$PROJECT_PATH/README.md", which will overwrite any existing README without warning, backup, or confirmation. In an agent or automation context this can destroy user-authored documentation or repository metadata, causing data loss and potentially disrupting downstream workflows that rely on the original file contents.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.