karpathy-coding-rules
Security checks across malware telemetry and agentic risk
Overview
This is a guidance-only coding skill that encourages careful, simple, scoped, verified code changes and does not ask for credentials, commands, network access, or persistence.
This skill is safe to install if you want an AI coding agent to be more deliberate and conservative. It may make the agent spend more time planning and validating, but it does not itself run code, access private data, install software, or connect to external services.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.