
Security audit

Project Analyzer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a project-understanding skill that reads local code as part of its stated purpose, with some privacy cautions but no evidence of hidden, destructive, persistent, or exfiltrating behavior.

Install only if you are comfortable with the agent reading and summarizing files from the target project. Run it on an explicit directory, avoid workspaces containing secrets or unrelated private files, and review output before sharing it outside your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding
The skill directs the agent to inspect arbitrary project directories and defaults to the current working directory, which implies filesystem read access, yet it declares no corresponding permission boundary. Because the capability is underdeclared, users and hosting systems may not realize that local files will be scanned and summarized, which raises the risk of unintended disclosure of source code or other sensitive files present in the target tree.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The README advertises very broad natural-language triggers such as "Analyze this project" and "I'm new to this codebase, give me an overview," which can overlap with ordinary conversation and cause the skill to activate unintentionally. In an agent environment, ambiguous activation increases the chance of scanning unintended directories or exposing local project metadata when the user did not explicitly intend to invoke this skill.

Vague Triggers

Severity: Medium
Confidence: 76%
Finding
The trigger phrases are broad enough to match many generic requests about understanding codebases, which can invoke the skill in situations where the user did not clearly consent to a directory scan or script execution. Because the skill then runs a local analysis script over a path, accidental invocation could expose project contents or perform more data collection than the user expected.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
Defaulting to the current working directory without an explicit warning or confirmation can cause the agent to scan and summarize local repository contents that the user did not intend to expose. In contexts where the working directory contains proprietary code, credentials, or unrelated files, this increases the chance of inadvertent sensitive data disclosure.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
This script is explicitly designed to scan arbitrary project directories, read priority files, and include file contents from sampled source files in its output. In an agent skill context, that creates a real data-exposure risk because sensitive information in READMEs, config files, source code, or example env files may be surfaced to downstream chat channels or logs without clear consent boundaries or redaction.
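The two Missing User Warnings findings above come down to the same gap: the script defaults to the current directory and copies sampled file contents into its output with no deny list and no redaction. The guard below is an added example written for this audit page; it is not code from the Project Analyzer skill, and the names it uses (sample_project, DENY_NAMES, SECRET_PATTERNS, run_demo) and the constructed project it scans are hypothetical. It refuses to scan the working directory unless the caller opts in, skips files that usually hold credentials, treats symlinks and binaries as off limits, and redacts secret-shaped strings before any content reaches the summary. The AWS key in the sample is AKIAIOSFODNN7EXAMPLE, the placeholder AWS uses in its own documentation.

```python
"""Guard in front of an agent skill's file sampling (added example, hypothetical names)."""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Names, suffixes and directories that add nothing to a project overview but often hold secrets.
DENY_NAMES = {".env", ".npmrc", ".pypirc", ".netrc", "id_rsa", "id_ed25519", "credentials"}
DENY_SUFFIXES = {".pem", ".key", ".p12", ".pfx", ".jks"}
DENY_DIRS = {".git", "node_modules", ".venv", "venv", "__pycache__", ".terraform"}

# Redaction is by shape, so it needs no prior knowledge of the secret. The multi-line
# private-key pattern runs first so the line-level patterns never see its contents.
SECRET_PATTERNS = [
    (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
     "[REDACTED_PRIVATE_KEY]"),
    (re.compile(r"AKIA[0-9A-Z]{16}"), "[REDACTED_AWS_KEY_ID]"),
    (re.compile(r"""(?i)(password|passwd|secret|token|api[_-]?key)\s*[=:]\s*['"]?([^'"\s]+)"""),
     r"\1=[REDACTED]"),
    (re.compile(r"(?i)bearer\s+[a-z0-9._\-]{16,}"), "Bearer [REDACTED]"),
]


def is_denied(rel: Path) -> bool:
    """Decide from the relative path alone whether a file may be read into the summary."""
    if any(part in DENY_DIRS for part in rel.parts):
        return True
    if rel.name in DENY_NAMES or rel.name.startswith(".env"):
        return True
    return rel.suffix.lower() in DENY_SUFFIXES


def redact(text: str) -> tuple[str, int]:
    """Return the text with secret-shaped strings replaced, and how many were replaced."""
    total = 0
    for pattern, replacement in SECRET_PATTERNS:
        text, n = pattern.subn(replacement, text)
        total += n
    return text, total


def sample_project(root: str | Path | None, *, allow_cwd: bool = False,
                   max_files: int = 20, max_bytes: int = 4096) -> dict:
    """Read up to max_files text files under an explicit root, redacting as it goes.

    root=None is honoured only with allow_cwd=True, so scanning whatever directory the
    agent happens to be in requires an explicit opt-in instead of being the default.
    """
    if root is None:
        if not allow_cwd:
            raise ValueError("refusing to scan the current working directory without allow_cwd=True")
        root = Path.cwd()
    root = Path(root).resolve()
    if not root.is_dir():
        raise ValueError(f"not a directory: {root}")
    report = {"root": str(root), "files": {}, "skipped": [], "redactions": 0}
    for path in sorted(root.rglob("*")):
        # Symlinks can point outside root; never follow them, and ignore directories.
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(root)
        if is_denied(rel):
            report["skipped"].append(rel.as_posix())
            continue
        if len(report["files"]) >= max_files:
            break
        try:
            raw = path.read_bytes()[:max_bytes]
        except OSError:
            report["skipped"].append(rel.as_posix())
            continue
        if b"\x00" in raw:  # NUL byte: treat as binary, never quote it into the summary
            report["skipped"].append(rel.as_posix())
            continue
        text, n = redact(raw.decode("utf-8", errors="replace"))
        report["redactions"] += n
        report["files"][rel.as_posix()] = text
    return report


def run_demo() -> dict:
    """Sample a small constructed project (fake contents written to a temp dir)."""
    constructed = {
        "README.md": "# demo\nRun `make test`.\ncurl -H 'Authorization: Bearer 0123456789abcdef0123' https://example.invalid/\n",
        "src/app.py": "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n",  # AWS documentation placeholder key
        "config.yaml": "db:\n  host: localhost\n  password: s3cret\n",
        "docs/setup.md": "Paste the key here:\n-----BEGIN RSA PRIVATE KEY-----\nMIIEfakefake\n-----END RSA PRIVATE KEY-----\n",
        ".env": "DB_PASSWORD=hunter2\n",
        "keys/server.pem": "-----BEGIN PRIVATE KEY-----\nfake\n-----END PRIVATE KEY-----\n",
        ".git/config": "[core]\n\trepositoryformatversion = 0\n",
        "assets/logo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, content in constructed.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            if isinstance(content, bytes):
                target.write_bytes(content)
            else:
                target.write_text(content, encoding="utf-8")
        return sample_project(tmp)


if __name__ == "__main__":
    import json
    print(json.dumps(run_demo(), indent=2))
```

Running it prints a report in which .env, keys/server.pem, .git/config and the PNG are listed under skipped, and the four text files that are sampled arrive with the access key, the YAML password, the bearer token and the pasted private key already replaced. The deny list is deliberately path-based so that it costs nothing per file; the regexes are the second line of defence for secrets that live in files you do want summarized, and they will produce some false positives (any "token: value" line), which is the right trade-off when the output is headed for a chat transcript or a log.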

VirusTotal

64 of 64 vendors rated this skill as clean.

Static analysis

No suspicious patterns detected.