Back to skill

Security audit

cwd-guardian

Security checks across malware telemetry and agentic risk

Overview

The skill appears to have a disclosed filesystem recovery side effect, but the available evidence does not show deception, exfiltration, destructive behavior, or purpose-mismatched authority.

Before installing, confirm you are comfortable with the skill recreating a missing working-directory path and potentially allowing the associated daemon to continue. Prefer running it only in an intended workspace, and look for logs or confirmation controls around any recovery action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly states it will recreate a missing working-directory path on disk, but the description provides no warning about that side effect or its risks. Automatically rebuilding a deleted cwd can hide underlying filesystem problems, recreate paths in unintended locations, and cause the evolver daemon to resume operation against a directory the user expected to remain removed.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
index.js:41