Security audit

architect-review

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only architecture review skill; it reads project files and may save a local report, but the behavior is mostly purpose-aligned and disclosed in the workflow.

Install only if you are comfortable with the agent reading project specs and architecture-relevant source files. Expect it may create `.arch-review/{date}-report.md`; review that report, including the metadata block, before sharing it or using it to drive automated fixes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill explicitly promises 'report only' and 'no file edits,' but later instructs the agent to create a directory and write a report file into the target project. This mismatch can cause unauthorized workspace modification and mislead users or higher-level policy layers that rely on the skill description to assess side effects.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The inline safety language says no edits or modifications will occur, yet the workflow later requires directory creation and file output. That contradiction undermines informed consent and can bypass user expectations or tooling that treats 'non-modifying' skills as safer to invoke automatically.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The natural-language trigger includes broad phrases like 'review architecture' and 'evaluate the design,' which are common requests and may cause the skill to activate in situations where the user did not intend its full workflow. In this skill, accidental activation matters more because the workflow includes project scanning, interactive triage, and report-file creation.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The user-facing description and usage examples do not warn that the skill may create `.arch-review/` and write a dated report into the repository. Hidden side effects increase the risk of unexpected file changes, repository pollution, and unsafe use in automated or low-supervision contexts.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.