Security audit
LYGO Docker Deploy
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward Docker deployment guide with disclosed local service behavior and no packaged executable code.
Review the referenced GitHub project, docker compose file, and setup script before running them, and keep port 8787 bound locally unless you intentionally expose it with TLS and appropriate access controls.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
