Code Runner

Security checks across malware telemetry and agentic risk

Overview

This skill transparently runs local code snippets, which is powerful but matches its stated purpose and is disclosed with safety guidance.

Install only if you want an agent to execute code on your machine. Treat snippets as programs you are running yourself, and use a sandbox or disposable environment for untrusted code, especially code that can access files, network, subprocesses, or environment variables.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The skill description is broad enough that an agent may invoke it for general coding-related requests, not just explicit code execution. In this skill's context, over-triggering is risky because the capability runs arbitrary code across many languages, which can expose the host to filesystem, network, or command-execution abuse if user-supplied code is executed without strict gating.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: This script is explicitly designed to execute user-supplied code across many languages by building shell command strings and invoking them with exec(), which provides direct arbitrary code execution on the host. In an agent-skill context this is especially dangerous because untrusted user prompts, model-generated code, or indirectly sourced content can trigger filesystem access, network calls, subprocess spawning, and shell abuse without sandboxing or a clear safety gate.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal