Mobazha Competitor Analysis
Security checks across malware telemetry and agentic risk
Overview
The inspected skill materials are mostly coherent developer workflows, but one bundled review helper defaults to bypassing sandbox and approval protections, which users should review before installing.
Install only if you understand that the bundled review helper may run nested Codex with full filesystem and approval-bypass privileges by default. Use the documented --no-yolo or AUTOREVIEW_YOLO=0 option when you want normal sandbox protections, and reserve moderation workflows for authenticated staff accounts with explicit targets and reasons.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.