Security audit

Nola Squad

Security checks across malware telemetry and agentic risk

Overview

Nola Squad is a disclosed coding-orchestration skill, but it gives agents broad authority to modify repositories and push changes without clear approval gates.

Install only if you want a proactive coding assistant that can spawn multiple subagents and modify your repository. Use narrow prompts, review diffs before release steps, and explicitly require approval before commits, pushes, PRs, server startup, test execution, or scraping outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 89%
Finding
The README describes a very broad trigger condition: using the skill whenever a user asks to build, fix, or review something. In agent frameworks that use natural-language matching for skill activation, overly broad invocation text can cause the skill to activate in unintended contexts, leading to unnecessary delegation, excessive agent spawning, or execution of higher-risk capabilities without clear user intent.

Vague Triggers

Medium
Confidence: 89%
Finding
The activation conditions are very broad and cover common software-development requests, which makes the skill likely to trigger in situations where the user did not explicitly ask for multi-agent delegation. In this skill, broad activation is more dangerous because the skill can rapidly dispatch additional agents and initiate impactful engineering actions, increasing the chance of unintended code changes or workflow execution.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly supports deploy, commit, push, and PR-related actions, but its operating instructions emphasize defaulting to action and immediate dispatch without requiring strong user confirmation for impactful operations. In context, this raises the risk of unintended repository changes, releases, or deployment activity being initiated from ordinary conversational prompts.

Missing User Warnings

Medium
Confidence: 95%
Finding
This skill explicitly empowers the agent to commit, push, and create pull requests, which are repository-modifying and potentially remote-publishing actions, but it provides no requirement for explicit user confirmation or warning before taking those actions. In an agentic setting, this can lead to unintended code publication, branch updates, or PR creation from ambiguous prompts, especially because the instructions emphasize 'Just do the work.'

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly instructs the agent to save fetched external data to files, but it provides no user-facing warning, confirmation step, or constraints on where and how files may be written. This creates a real risk of unintended workspace modification, data pollution, or overwriting artifacts with untrusted content gathered from the web, especially because the skill is designed for autonomous data acquisition.

VirusTotal

57/57 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.