Back to skill

Security audit

Fanta Autoresearch

Security checks across malware telemetry and agentic risk

Overview

This is a coherent autonomous optimization skill, but it deserves review because it can run shell verification commands and encourage delegated or background file-changing loops.

Install only if you intentionally want an agent to run iterative optimization workflows. Before use, define the exact files it may change, trusted verification commands, max iterations, timeout, rollback rules, and whether subagents or background execution are allowed. Avoid including secrets, production data, account settings, or broad home-directory paths unless that is the explicit target and you plan to review the changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_command(cmd: str) -> Tuple[int, str]:
    """Run shell command and return exit code + output."""
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.returncode, result.stdout + result.stderr

def extract_metric(output: str, pattern: str) -> Optional[float]:
Confidence
98% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are very broad, including generic language like 'improve X', 'optimize Y', 'iterate until', and 'autonomous loop'. This can cause accidental invocation in contexts where the user did not intend autonomous code changes or command execution, increasing the chance of unsafe actions being initiated on the wrong task.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill operationalizes autonomous iteration with file changes, shell-based verification, commits, rollbacks, subagent spawning, and background execution, but it does not clearly warn users about those behaviors up front. In this context, the absence of a prominent warning is dangerous because the skill is explicitly designed to act repeatedly and persist changes, magnifying the effect of any mistaken invocation or poorly scoped task.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The interface requires a user-supplied verification command and then executes it, but the script does not clearly warn that this parameter causes direct shell execution. In a skill designed for autonomous optimization loops, lack of explicit warning increases the chance that operators pass unsafe or untrusted input and repeatedly execute harmful commands.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.