Cxz9909 Code Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a code-analysis helper that reads selected project files and does not show hidden data sending, persistence, or destructive behavior.

Install only if you are comfortable letting it inspect selected project files. Keep auto-fix disabled unless you intentionally review proposed changes first, use ignore patterns for private or secret-heavy folders, and avoid optional external-agent delegation for confidential code unless your policy allows sharing it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill states that bugs can be auto-corrected and that automatic fixes may be applied, but it does not clearly warn that user files could be modified. In a code-assistant skill, this increases the chance of unexpected or silent code changes, which can introduce vulnerabilities, break builds, or alter sensitive project files without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal