Back to skill

Security audit

Mini Coder Max

Security checks across malware telemetry and agentic risk

Overview

This is a broad but disclosed coding-workflow skill with no hidden executable code, install hooks, credential access, persistence, or exfiltration behavior found.

Install this if you want a general coding workflow assistant. Because it uses broad triggers and can guide code changes and web research, invoke it intentionally and review plans, sources, and diffs before accepting changes in important projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger keywords are extremely broad and map to common everyday coding requests, making accidental or overly frequent invocation likely. That increases the chance this powerful autonomous skill activates in situations where a narrower or safer skill would be more appropriate, expanding its operational reach and indirectly increasing exposure to risky actions like unnecessary web research or large autonomous code changes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.