Workspace Guard

Security checks across malware telemetry and agentic risk

Overview

This safety-focused workspace guard is not malicious, but it needs review because its own reference guidance includes an unsafe path-expansion example and inconsistent audit-log storage.

Review before installing. The concept is useful, but replace the `eval` path-expansion example with safe path handling, configure the workspace root for your machine, and keep audit logs inside the intended workspace with clear retention controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
Using eval to expand environment variables in a path introduces shell command execution on untrusted input. An attacker could embed command substitutions or shell metacharacters in the path string, causing arbitrary commands to run in the context of the agent instead of merely resolving a pathname.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The example omits any warning that eval executes embedded shell content, which is especially dangerous in a boundary-enforcement skill that may process attacker-controlled paths. In this context, the documentation can directly encourage unsafe implementation patterns leading to command injection.
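An added example, not the skill's own reference code, putting the eval-based expansion the findings describe beside an eval-free alternative that resolves only well-formed `${VAR}` / `$VAR` references; the `WG_ROOT` variable and the sample path are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not Workspace Guard's own code): expand ${VAR} / $VAR in a
# configured path without eval, so command substitutions and other shell
# metacharacters in the string are never interpreted.

# Unsafe pattern from the finding: eval re-parses the whole string as shell,
# so "$(...)" or backticks embedded in the path run as commands.
unsafe_expand() {
  eval "printf '%s' \"$1\""
}

# Safe alternative: walk the string, replace only well-formed variable
# references via bash indirect expansion, and copy everything else literally.
expand_path() {
  local rest="$1" out="" match name
  local re='\$\{([A-Za-z_][A-Za-z0-9_]*)\}|\$([A-Za-z_][A-Za-z0-9_]*)'
  while [[ "$rest" =~ $re ]]; do
    match="${BASH_REMATCH[0]}"
    name="${BASH_REMATCH[1]:-${BASH_REMATCH[2]}}"
    # Refuse unset variables instead of silently expanding them to "".
    if [[ -z "${!name+x}" ]]; then
      printf 'expand_path: %s is unset\n' "$name" >&2
      return 1
    fi
    out+="${rest%%"$match"*}${!name}"   # literal prefix + variable value
    rest="${rest#*"$match"}"            # continue after the reference
  done
  printf '%s' "$out$rest"
}

# Constructed sample: a workspace root and a path carrying an embedded
# command substitution, as an attacker-controlled path string might.
export WG_ROOT=/srv/workspace
sample='${WG_ROOT}/audit/$(echo injected)/log.txt'

if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
  printf 'unsafe: %s\n' "$(unsafe_expand "$sample")"   # substitution executed
  printf 'safe:   %s\n' "$(expand_path "$sample")"      # left as literal text
fi
```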

VirusTotal

64/64 vendors flagged this skill as clean.
