Back to skill

Security audit

Coding

Security checks across malware telemetry and agentic risk

Overview

This skill stores confirmed coding preferences locally and does not show executable, network, credential, or hidden behavior.

Install this only if you want coding preferences remembered across sessions in ~/coding/. Confirm only preferences you actually want saved, and review or delete ~/coding/memory.md if you want to clear the memory. The wording in criteria.md is slightly inconsistent, so treat SKILL.md's explicit confirmation and no-self-modification rules as the intended behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Self-Modification

High
Category
Rogue Agent
Content
# Criteria for Code Preferences

Reference only — consult when deciding whether to update SKILL.md.

## When to Add
Confidence
88% confidence
Finding
update SKILL

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.