Runtime Debugging Skill

Security checks across malware telemetry and agentic risk

Overview

This is a real runtime tracing debugger, but it needs Review because it installs remote code, changes application startup/build behavior, and handles secrets and trace data in unsafe or under-disclosed ways.

Install only after reviewing the Syncause SDKs and remote installers, pinning versions, and understanding what trace data leaves your machine. Do not use this on production or sensitive repositories unless secrets are redacted and outbound tracing is approved. Keep API keys out of committed project files, avoid the embedded Maven token pattern, inspect any installer before running it, and verify teardown removes all startup hooks, dependencies, MCP config, and `.syncause` files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The guide directs users to add and install a package from a remote wheel URL hosted on GitHub releases, which introduces third-party code into the target project and runtime. In the context of a skill described as debugging via execution traces, this is a substantial expansion of capability because it causes code installation and execution rather than merely analyzing existing failures.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill instructs modification of dependency manifests and package installation even though the stated skill purpose is diagnosing bugs using runtime traces. That mismatch increases risk because users invoking a debugging tool may not expect persistent project changes or new code being introduced into their environment.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The guide instructs the agent to inject initialization code into the application's entry point so it runs automatically at startup. This is intrusive and dangerous because it creates persistent code execution, alters application behavior globally, and enables telemetry or external service interaction under the guise of debugging.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to create and execute reproduction and helper scripts in the target project without requiring user confirmation, sandboxing, or warnings about code execution and file modification risk. In a debugging context this may be operationally useful, but it still creates a real security hazard because running generated scripts against an arbitrary repository can execute untrusted project code, alter files, trigger side effects, or worsen compromise in a hostile environment.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The teardown phase instructs deletion of the `.syncause` folder from the project root without requiring confirmation or explaining that this removes project files. Even if intended as cleanup, unconditional deletion guidance can cause data loss, remove potentially important debugging artifacts, and normalize destructive filesystem actions by the agent in a user repository.

Missing User Warnings

High
Confidence
99% confidence
Finding
The document includes what appears to be a live GitHub Packages access token split across two Maven properties and instructs users to place it directly in pom.xml. Embedding credentials in a project file risks accidental source control disclosure, CI log leakage, artifact exposure, and unauthorized repository access by anyone who obtains the file.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide configures a Byte Buddy transformation plugin to connect to a remote wss endpoint and pass an API key during instrumentation, but provides no disclosure about outbound network communication, code transformation side effects, or what data may be transmitted. In a debugging/runtime tracing skill, this is especially sensitive because execution traces can include proprietary code behavior, stack traces, environment details, and potentially secrets from application runtime.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The document repeatedly instructs users to place a long-lived API key directly into IDE and tool configuration files, often in project-level locations, without any warning about plaintext storage, accidental commits, local exposure, or use of safer secret sources. Because these configs may be shared, backed up, synced, or committed to source control, the guidance increases the likelihood of credential leakage and unauthorized use of the MCP service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation instructs users to execute a remote script directly from GitHub via curl-pipe-bash, which removes any opportunity to inspect the script before execution and creates a direct arbitrary code execution path. In an agent skill context, this is more dangerous because an automated system or operator may follow the instruction verbatim, implicitly trusting remote content that could change or be compromised.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Installing directly from a remote wheel URL causes a network fetch and subsequent execution of unverified package code, yet the guide provides no warning about supply-chain risk, trust boundaries, or code execution implications. This is especially risky in developer environments where package installation often leads to immediate import-time or runtime execution.

Missing User Warnings

High
Confidence
98% confidence
Finding
The initialization snippet hardcodes an API key, app name, and project ID into the application's startup path without warning about secret handling or telemetry transmission. This can expose credentials in source control, cause unauthorized data export, and silently instrument the application every time it starts.

VirusTotal

64/64 vendors flagged this skill as clean.
