Code Audit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent code-audit skill that reads repository context for audits and does not show hidden, destructive, or deceptive behavior.

Install this if you want an agent to perform repository audits. Treat audit snapshots and packets as potentially sensitive because they can include local paths, branch names, changed-file names, and diff stats; use .auditignore/skip paths and avoid external reviewer routes unless your repository policy allows sharing code or metadata.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The script emits repository root, branch name, git status, diff stats, ignore patterns, and sampled file paths directly to stdout/JSON without any explicit consent gate, redaction, or warning at the point of output. In an audit skill context, this can expose sensitive repository metadata, internal filenames, feature names, or change activity to downstream logs, agents, or users who did not intend that level of disclosure.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal