Back to skill

Security audit

Coding Standards

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only coding standards skill; the scanner concerns are low-impact or false positives, with no executable code or hidden data access found.

Safe to install as a coding guidance skill. Be aware it may influence broad code review or best-practices prompts, and its marketplace capability tags appear broader than the actual documentation-only content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The manifest description lists generic trigger phrases such as "best practices," "code review," and "quality standards," which are common phrases in everyday development conversations. Because the file does not narrow the activation context or provide exclusion conditions, the skill could be invoked unintentionally for broad coding-related requests.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
POST   /api/markets              # Create
PUT    /api/markets/:id          # Replace
PATCH  /api/markets/:id          # Update
DELETE /api/markets/:id          # Delete

# Query parameters for filtering
GET /api/markets?status=active&limit=10&offset=0
Confidence
80% confidence
Finding
DELETE /api/markets/:id

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.