Claude Devfleet

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent DevFleet orchestration guide, but it can launch full-tool coding agents and automatically merge their code without clearly requiring review before changes are applied.

Install only if you trust the local DevFleet MCP service and are comfortable with autonomous agents modifying code. Use it in version-controlled, non-production repositories first, review mission plans and diffs before merging, and avoid full auto-dispatch or auto-merge flows unless you have explicit approval, tests, and rollback procedures.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly describes automatic mission dispatch and automatic merges of agent-produced code, but it does not clearly require an explicit human review or confirmation before changes are applied. In a multi-agent coding orchestration context, this increases the risk that unreviewed or unsafe code is introduced into the repository, especially because multiple isolated agents can make consequential changes in parallel.

VirusTotal

VirusTotal findings are pending for this skill version.
