Back to skill

Security audit

Mass Production Quality Gate

Security checks across malware telemetry and agentic risk

Overview

This is a text-only quality-management helper whose local report-writing behavior is disclosed and aligned with its stated purpose.

Before using it, decide where generated reports should be written and avoid running report generation in a shared or sensitive working directory. Also note that the referenced scripts/build_report.py file is not included in the inspected artifact, so the packaged skill may provide guidance but not the claimed local renderer unless that script is supplied elsewhere.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly describes generating files into the current working directory, including a default write behavior, without clear user-facing consent or a safer output-location policy. In agent environments, implicit file writes can overwrite existing artifacts, leak sensitive operational data into shared workspaces, or create unintended persistence that other tools or users can access.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.