Security audit

Coding Lite - Lightweight Coding Assistant

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only lightweight coding helper; its code-generation risks are disclosed and expected for that purpose, with no hidden installer or persistence found.

Before installing, treat generated scripts, SQL, macros, and automation as code you may later run with your own permissions. Review outputs first, back up important data, avoid production systems until tested, and require explicit confirmation before file, database, network, or macro actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 83%
Finding:
The README explicitly advertises Python script generation and execution but provides no warning about reviewing generated code, limiting execution scope, or the effects of running code against local files and data. In an agent skill context, this can normalize unsafe execution and increase the chance that users run untrusted or overly powerful code without understanding the risks.

Vague Triggers

Medium
Confidence: 92%
Finding:
The trigger condition is very broad: any user asking for code, automation, data processing, or queries could invoke this skill, with little boundary on scope or risk level. In a skill that explicitly supports code generation and execution, broad routing increases the chance of inappropriate activation for sensitive or higher-risk requests, which can lead to unsafe code suggestions or accidental execution-oriented assistance.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.