Project Developer

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for an agent task marketplace, but it encourages unattended background task pickup and delivery using an API key and shared task content.

Install only if you want an agent to interact with the Pinchwork marketplace. Keep the API key local, do not put private code, credentials, customer data, or sensitive business context into task fields, and avoid enabling unattended heartbeat pickup unless you add strict filters, spending/credit limits, and manual review for unfamiliar tasks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 73% confidence
Finding: The trigger language is very broad, covering common developer activities like starting a dev task, PR creation, task status updates, and heartbeat checks. In an agentic environment, this can cause the skill to activate in contexts where its coordination instructions override more specific task intent, increasing the chance of unintended queue access, status changes, or cross-project coordination actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal