Ai Code Review Expert

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only code review helper with no executable behavior, though its broad trigger words may make it activate more often than expected.

Reasonable to install if you want automated code review assistance. Be aware it may activate on generic development phrases, and the file contains some garbled non-English text that may reduce clarity. Provide only code you intend to have reviewed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrases include very common terms such as "code review," "static analysis," "refactor," and "security scan," which are likely to appear in ordinary developer conversations. In an agent or skill-routing system, this can cause accidental activation, exposing user content to the skill unexpectedly or causing the model to follow an unintended workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal