Back to plugin

Security audit

LYGO Lattice Pulse

Security checks across malware telemetry and agentic risk

Overview

This plugin is a disclosed, read-oriented LYGO verification helper with no evidence of hidden writes, credential access, persistence, or destructive behavior.

Install only if you intend to use the LYGO verification workflow. Configure stackRoot or LYGO_STACK_ROOT to a clone you trust, because the optional Python gate helper imports code from that local stack. Treat plugin gate results as advisory until you run the documented authoritative gate and give explicit human consent for any live submit or ingest.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
scripts/_stack_tools.py:30
Evidence
spec.loader.exec_module(mod)